VDB

CVE-2014-9751

CVE-2014-9751 PUBLISHED

Reported by mitre · Published October 4, 2015

The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.

Affected Products

VendorProductVersions
n/an/an/a
n/an/an/a, n/a

Timeline

  • Oct 4, 2015 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • May 13, 2022 CVE Updated
  • Jul 12, 2022 EPSS Score
  • Sep 3, 2022 EPSS Score
  • Oct 26, 2022 EPSS Score
  • Feb 8, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 2, 2023 EPSS Score
  • May 25, 2023 EPSS Score
  • Sep 7, 2023 EPSS Score

References

  • VU#852879 third-party-advisoryx_refsource_CERT-VN
  • x_refsource_CONFIRM
  • x_refsource_CONFIRM
  • x_refsource_CONFIRM
  • DSA-3388 vendor-advisoryx_refsource_DEBIAN
  • 72584 vdb-entryx_refsource_BID
  • RHSA-2015:1459 vendor-advisoryx_refsource_REDHAT
  • x_refsource_CONFIRM
  • x_refsource_CONFIRM
Open in Interactive Console →
$ Console Community · 100/wk Open console ›