Vulnerability Description
The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ntp | Ntp | >= 4.2.0, < 4.2.8 |
| Apple | Macos | - |
| Linux | Linux Kernel | - |
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Workstation | 6.0 |
| Debian | Debian Linux | 7.0 |
| Oracle | Linux | 7 |
Related Weaknesses (CWE)
References
- http://bugs.ntp.org/show_bug.cgi?id=2672Issue TrackingPatchVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1459.htmlThird Party Advisory
- http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_VVendor Advisory
- http://www.debian.org/security/2015/dsa-3388Third Party Advisory
- http://www.kb.cert.org/vuls/id/852879Third Party AdvisoryUS Government Resource
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.hThird Party Advisory
- http://www.securityfocus.com/bid/72584Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1184572Issue TrackingThird Party Advisory
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpeThird Party Advisory
- http://bugs.ntp.org/show_bug.cgi?id=2672Issue TrackingPatchVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1459.htmlThird Party Advisory
- http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_VVendor Advisory
- http://www.debian.org/security/2015/dsa-3388Third Party Advisory
- http://www.kb.cert.org/vuls/id/852879Third Party AdvisoryUS Government Resource
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.hThird Party Advisory
FAQ
What is CVE-2014-9751?
CVE-2014-9751 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it eas...
How severe is CVE-2014-9751?
CVE-2014-9751 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-9751?
Check the references section above for vendor advisories and patch information. Affected products include: Ntp Ntp, Apple Macos, Linux Linux Kernel, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server.