CVE-2014-9751
Summary
| CVE | CVE-2014-9751 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-10-06 01:59:02 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:M/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Apple | Macos | - | All | All | All |
| Operating System | Debian | Debian Linux | 7.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Linux | Linux Kernel | - | All | All | All |
| Application | Ntp | Ntp | All | All | All | All |
| Application | Ntp | Ntp | 4.2.8 | - | All | All |
| Operating System | Oracle | Linux | 7 | - | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| support.ntp.org/bin/view/Main/SecurityNotice | af854a3a-2127-422b-91ae-364da2661108 | support.ntp.org | Vendor Advisory |
| Document Display | HPE Support Center | af854a3a-2127-422b-91ae-364da2661108 | support.hpe.com | Third Party Advisory |
| Bug 1184572 – CVE-2014-9298 ntp: drop packets with source address ::1 | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | Issue Tracking, Third Party Advisory |
| Vulnerability Note VU#852879 - Network Time Protocol (NTP) Project NTP daemon (ntpd) contains multiple vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.kb.cert.org | Third Party Advisory, US Government Resource |
| NTP 'ntp_io.c' Authentication Security Bypass Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Debian -- Security Information -- DSA-3388-1 ntp | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Third Party Advisory |
| Oracle Linux Bulletin - October 2015 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Third Party Advisory |
| Bug 2672 – ::1 can be spoofed. ACLs based on source IP can be bypassed | af854a3a-2127-422b-91ae-364da2661108 | bugs.ntp.org | Issue Tracking, Patch, Vendor Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 43837 HPE Comware 5 And Comware 7 Switches And Routers using NTP, Remote Denial Of Service (HPESBHF03886)