CVE-2014-9751
NTP 4.x < 4.2.8p1 - Remote Attack via IPv6 Loopback Address Spoofing
Title source: llmDescription
The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.
References (9)
Core 9
Core References
Vendor Advisory x_refsource_confirm
http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
http://bugs.ntp.org/show_bug.cgi?id=2672
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/72584
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1459.html
Third Party Advisory x_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1184572
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/852879
Third Party Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3388
Scores
EPSS
0.0453
EPSS Percentile
90.4%
Details
CWE
CWE-20
Status
published
Products (9)
debian/debian_linux
7.0
debian/debian_linux
8.0
debian/debian_linux
9.0
ntp/ntp
4.2.8
ntp/ntp
4.2.0 - 4.2.8
oracle/linux
7
redhat/enterprise_linux_desktop
6.0
redhat/enterprise_linux_server
6.0
redhat/enterprise_linux_workstation
6.0
Published
Oct 06, 2015
Tracked Since
Feb 18, 2026