CVE-2014-9294
EPSS 33.3%
Description
util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
How to fix CVE-2014-9294
To remediate CVE-2014-9294, upgrade the affected package to a fixed version below.
- Debian/ntp—upgrade to 1:4.2.6.p5+dfsg-3.2 or later
Is CVE-2014-9294 being exploited?
Moderate — EPSS is 33.3%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 1:4.2.6.p5+dfsg-3.2