CVE-2014-9751

The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 6.8 UNKNOWN | NETWORK | MEDIUM | | AV:N/AC:M/Au:N/C:P/I:P/A:P |

EPSS Score: Percentile: 89%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| ntp | ntp | 4.2.0 ≤ 𝑥 < 4.2.8 |
| ntp | ntp | 4.2.8 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_workstation | 6.0 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |

𝑥 = Vulnerable software versions

Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| ntp | bullseye | 1:4.2.8p15+dfsg-1 | fixed |

Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| ntp | precise | not-affected |
| ntp | trusty | not-affected |
| ntp | vivid | not-affected |
| ntp | wily | not-affected |

Red Hat Enterprise Linux Releases

| Red Hat Product | Release | Version | Status |
|---|---|---|---|
| ntp | RHEL 6 | 0:4.2.6p5-5.el6 | fixed |
| ntp | RHEL 7 | 0:4.2.6p5-22.el7 | fixed |
| ntp-doc | RHEL 6 | 0:4.2.6p5-5.el6 | fixed |
| ntp-doc | RHEL 7 | 0:4.2.6p5-22.el7 | fixed |
| ntp-perl | RHEL 6 | 0:4.2.6p5-5.el6 | fixed |
| ntp-perl | RHEL 7 | 0:4.2.6p5-22.el7 | fixed |
| ntpdate | RHEL 6 | 0:4.2.6p5-5.el6 | fixed |
| ntpdate | RHEL 7 | 0:4.2.6p5-22.el7 | fixed |
| sntp | RHEL 7 | 0:4.2.6p5-22.el7 | fixed |