Is the NET+OS development environment vulnerable to CVE-2014-9296

Problem: According to site https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9296,
"The receive function in ntp_proto.c in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association via crafted packet."

Analysis: The NET+OS development environment does not use the NTP (SNTP) referenced in the CV notice. Thus the NET+OS development environment is not vulnerable to this CVE-2014-9296.

Customer Actions: No customer actions are required.

Citations:
Vulnerability Summary for CVE-2014-9296. NIST. National Vulnerability Database.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9296
Last updated: Jan 01, 2024

Recently Viewed

No recently viewed articles

Did you find this article helpful?