PT-2015-4381 · Ntp+2

Published: 2015-02-05 · Updated: 2021-09-08 · CVE-2014-9751

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

ntp versions 4.x before 4.2.8p1

Description

The issue arises from the read network packet function in ntpd not properly determining whether a source IP address is an IPv6 loopback address. This makes it easier for remote attackers to spoof restricted packets and read or write to the runtime state by sending a packet from the ::1 address to the ntpd machine's network interface.

Recommendations

For ntp versions 4.x before 4.2.8p1, update to version 4.2.8p1 or later to resolve the issue.

Fix

RCE

Weakness Enumeration

Related Identifiers

CESA-2015_1459
CESA-2015_2231
CVE-2014-9751
DLA-149-1
DSA-3154-1
DSA-3388-1
RHSA-2015:1459
RHSA-2015:2231
RHSA-2015_1459
RHSA-2015_2231

Affected Products

Centos
Red Hat
Ntp