CVE-2014-9751

NTP 4.x < 4.2.8p1 - Remote Attack via IPv6 Loopback Address Spoofing

Title source: llm
STIX 2.1

Description

The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.

References (9)

Core 9
Core References
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
http://bugs.ntp.org/show_bug.cgi?id=2672
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/72584
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1459.html
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1184572
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/852879
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3388

Scores

EPSS 0.0453
EPSS Percentile 90.4%

Details

CWE
CWE-20
Status published
Products (9)
debian/debian_linux 7.0
debian/debian_linux 8.0
debian/debian_linux 9.0
ntp/ntp 4.2.8
ntp/ntp 4.2.0 - 4.2.8
oracle/linux 7
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_workstation 6.0
Published Oct 06, 2015
Tracked Since Feb 18, 2026