Vulnerability Details : CVE-2014-9751
The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.
Vulnerability category: Input validation
Exploit prediction scoring system (EPSS) score for CVE-2014-9751
Probability of exploitation activity in the next 30 days: 1.42%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 85 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-9751
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2014-9751
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-9751
-
http://rhn.redhat.com/errata/RHSA-2015-1459.html
RHSA-2015:1459 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.securityfocus.com/bid/72584
NTP 'ntp_io.c' Authentication Security Bypass VulnerabilityThird Party Advisory;VDB Entry
-
http://bugs.ntp.org/show_bug.cgi?id=2672
Issue Tracking;Patch;Vendor Advisory
-
http://www.debian.org/security/2015/dsa-3388
Debian -- Security Information -- DSA-3388-1 ntpThird Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1184572
1184572 – (CVE-2014-9298, CVE-2014-9751) CVE-2014-9298 CVE-2014-9751 ntp: drop packets with source address ::1Issue Tracking;Third Party Advisory
-
http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne
SecurityNotice < Main < NTPVendor Advisory
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Oracle Linux Bulletin - October 2015Third Party Advisory
-
http://www.kb.cert.org/vuls/id/852879
VU#852879 - NTP Project Network Time Protocol daemon (ntpd) contains multiple vulnerabilities (Updated)Third Party Advisory;US Government Resource
-
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us
HPESBHF03886 rev.1 - HPE Comware 5 and Comware 7 Switches and Routers using NTP, Remote Denial of ServiceThird Party Advisory
Products affected by CVE-2014-9751
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*