PT-2015-4381 · Ntp+2 · Ntp+2

Publicado

2015-02-05

Atualizado

2021-09-08

CVE-2014-9751

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ntp versions 4.x before 4.2.8p1

Description The issue arises from the read network packet function in ntpd not properly determining whether a source IP address is an IPv6 loopback address. This makes it easier for remote attackers to spoof restricted packets and read or write to the runtime state by sending a packet from the ::1 address to the ntpd machine's network interface.

Recommendations For ntp versions 4.x before 4.2.8p1, update to version 4.2.8p1 or later to resolve the issue.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CESA-2015_1459

CESA-2015_2231

CVE-2014-9751

DLA-149-1

DSA-3154-1

DSA-3388-1

RHSA-2015:1459

RHSA-2015:2231

RHSA-2015_1459

RHSA-2015_2231

Produtos afetados

Centos

Red Hat

Ntp

PT-2015-4381 · Ntp+2 · Ntp+2

CVE-2014-9751

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 67