CVE-2014-9751

High

Description

The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us

https://bugzilla.redhat.com/show_bug.cgi?id=1184572

http://www.securityfocus.com/bid/72584

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.kb.cert.org/vuls/id/852879

http://www.debian.org/security/2015/dsa-3388

http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne

http://rhn.redhat.com/errata/RHSA-2015-1459.html

http://bugs.ntp.org/show_bug.cgi?id=2672

Details

Source: Mitre, NVD

Published: 2015-10-06

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High