CVE-2014-9751

MEDIUM

Description

The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.
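The check the description says was missing can be written as a receive-path filter: a datagram whose source is a loopback address is only plausible when the socket it arrived on is itself bound to a loopback address. The following is an added illustration, not ntpd's code or its patch; the function names, the 2001:db8::/32 and 192.0.2.0/24 sample addresses, and the extension to 127.0.0.0/8 and IPv4-mapped sources (beyond the ::1 case in the description) are assumptions.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

/* 1 if sa is ::1, 127.0.0.0/8 or IPv4-mapped ::ffff:127.x.x.x, else 0. */
static int is_loopback(const struct sockaddr *sa) {
    if (sa->sa_family == AF_INET) {
        const struct sockaddr_in *s4 = (const struct sockaddr_in *)sa;
        return (ntohl(s4->sin_addr.s_addr) >> 24) == 127;
    }
    if (sa->sa_family == AF_INET6) {
        const struct in6_addr *a = &((const struct sockaddr_in6 *)sa)->sin6_addr;
        return IN6_IS_ADDR_LOOPBACK(a) ||
               (IN6_IS_ADDR_V4MAPPED(a) && a->s6_addr[12] == 127);
    }
    return 0;
}

/* Hypothetical filter: 1 = drop before any restriction lookup, 0 = continue.
 * local is the address of the socket/interface the datagram arrived on. */
int spoofed_loopback(const struct sockaddr *src, const struct sockaddr *local) {
    return is_loopback(src) && !is_loopback(local);
}

/* Parse a textual IPv4/IPv6 address into ss; 0 on success, -1 on failure. */
static int parse_addr(const char *text, struct sockaddr_storage *ss) {
    memset(ss, 0, sizeof *ss);
    if (inet_pton(AF_INET, text, &((struct sockaddr_in *)ss)->sin_addr) == 1)
        ss->ss_family = AF_INET;
    else if (inet_pton(AF_INET6, text, &((struct sockaddr_in6 *)ss)->sin6_addr) == 1)
        ss->ss_family = AF_INET6;
    else
        return -1;
    return 0;
}

/* Apply the filter to constructed sample addresses; -1 if either fails to parse. */
int check(const char *src_text, const char *local_text) {
    struct sockaddr_storage src, local;
    if (parse_addr(src_text, &src) || parse_addr(local_text, &local))
        return -1;
    return spoofed_loopback((struct sockaddr *)&src, (struct sockaddr *)&local);
}

/* Constructed sample: ::1 as source on a global-address socket must be dropped. */
int main(void) { return check("::1", "2001:db8::10") == 1 ? 0 : 1; }
```

Genuine local traffic (source ::1 arriving on the ::1 socket) passes the filter, so loopback-only restrictions keep working for local management tools.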

References

http://bugs.ntp.org/show_bug.cgi?id=2672

http://rhn.redhat.com/errata/RHSA-2015-1459.html

http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne

http://www.debian.org/security/2015/dsa-3388

http://www.kb.cert.org/vuls/id/852879

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.securityfocus.com/bid/72584

https://bugzilla.redhat.com/show_bug.cgi?id=1184572

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us

Details

Source: MITRE

Published: 2015-10-06

Updated: 2018-08-28

Type: CWE-17

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM