CVE-2014-9751

EUVD-2014-9557
The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
Affected Products (NVD)
VendorProductVersion
ntpntp
4.2.0 ≤
𝑥
< 4.2.8
ntpntp
4.2.8
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_workstation
6.0
debiandebian_linux
7.0
debiandebian_linux
8.0
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ntp
bullseye
1:4.2.8p15+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ntp
precise
not-affected
trusty
not-affected
vivid
not-affected
wily
not-affected
Common Weakness Enumeration
References
http://bugs.ntp.org/show_bug.cgi?id=2672
http://rhn.redhat.com/errata/RHSA-2015-1459.html
http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne
http://www.debian.org/security/2015/dsa-3388
http://www.kb.cert.org/vuls/id/852879
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/72584
https://bugzilla.redhat.com/show_bug.cgi?id=1184572
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us
http://bugs.ntp.org/show_bug.cgi?id=2672
http://rhn.redhat.com/errata/RHSA-2015-1459.html
http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne
http://www.debian.org/security/2015/dsa-3388
http://www.kb.cert.org/vuls/id/852879
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/72584
https://bugzilla.redhat.com/show_bug.cgi?id=1184572
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us