Is the NET+OS development environment vulnerable to CVE-2014-9294?

Problem: A vulnerability was discovered in certain NTP implementations, specifically as described in, https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9294,
"util/ntp-keygen.c in ntp-keygen before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic mechanisms via brute-force attacks."

Analysis: The NTP (SNTP) implementation in the NET+OS development environment does not utilize SSL in the sending and receiving of packets. Thus it is not vulnerable to this attack.

Customer actions: No customer actions are required.

Citations:
"Vulnerability Summary for CVE-2014-9294". NIST. National Vulnerability Database.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9294

Last updated: Oct 21, 2024

Recently Viewed

No recently viewed articles

Did you find this article helpful?