Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2014-9751

Date: October 4, 2015

The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.

Severity Score

Related Resources (13)

http://bugs.ntp.org/show_bug.cgi?id=2672
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.debian.org/security/2015/dsa-3388
https://bugzilla.redhat.com/show_bug.cgi?id=1184572
http://rhn.redhat.com/errata/RHSA-2015-1459.html
http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne
http://www.securityfocus.com/bid/72584
http://www.kb.cert.org/vuls/id/852879
https://access.redhat.com/security/cve/CVE-2014-9751
https://nvd.nist.gov/vuln/detail/CVE-2014-9751
https://security-tracker.debian.org/tracker/CVE-2014-9751
https://www.mend.io/vulnerability-database/CVE-2014-9751

Severity Score

Weakness Type (CWE)

Input Validation

CWE-20

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us