Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2014-9751

Published: 06/10/2015 Updated: 08/09/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Ntp

Vulnerability Summary

The read_network_packet function in ntp_io.c in ntpd in NTP 4.x prior to 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote malicious users to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

ntp ntp

ntp ntp 4.2.8

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

debian debian linux 7.0

debian debian linux 8.0

debian debian linux 9.0

oracle linux 7

Vendor Advisories

Red Hat: Moderate: ntp security, bug fix, and enhancement update
Synopsis Moderate: ntp security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic Updated ntp packages that fix multiple security issues, several bugs, andadd various enhancements are now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update a ...
Debian Security Advisories: DSA-3154-1 ntp -- security update
Several vulnerabilities were discovered in the ntp package, an implementation of the Network Time Protocol The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-9750 Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation ...
Debian Security Advisories: DSA-3388-1 ntp -- security update
Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs: CVE-2015-5146 A flaw was found in the way ntpd processed certain remote configuration packets An attacker could use a specially crafted package to cause ntpd to crash if: ntpd enabled remote configuration The attacker had the ...
Red Hat: CVE-2014-9751
It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by spoofing ::1 addresses ...

References

CWE-20http://bugs.ntp.org/show_bug.cgi?id=2672http://www.kb.cert.org/vuls/id/852879http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulnehttps://bugzilla.redhat.com/show_bug.cgi?id=1184572http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlhttp://www.securityfocus.com/bid/72584http://www.debian.org/security/2015/dsa-3388http://rhn.redhat.com/errata/RHSA-2015-1459.htmlhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_ushttps://access.redhat.com/errata/RHSA-2015:2231https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2014-9751https://www.debian.org/security/./dsa-3154
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654CVE-2023-49606encryptionNULL pointer dereferenceCVE-2024-4439CVE-2024-4649race conditionCVE-2024-27202CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook