Vulnerability Name:

CVE-2014-9751 (CCN-109548)

Assigned: 2015-02-04
Published: 2015-02-04
Updated: 2021-09-08
Summary: The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
5.0 Medium (REDHAT CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-20
Vulnerability Consequences: Gain Access
References:

Source: CONFIRM
Type: Issue Tracking, Patch, Vendor Advisory
http://bugs.ntp.org/show_bug.cgi?id=2672

Source: MITRE
Type: CNA
CVE-2014-9751

Source: REDHAT
Type: Third Party Advisory
RHSA-2015:1459

Source: CCN
Type: NTP Web site
October 2015 NTP-4.2.8p4 Security Vulnerability Announcement (Medium)

Source: CONFIRM
Type: Vendor Advisory
http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne

Source: DEBIAN
Type: Third Party Advisory
DSA-3388

Source: CCN
Type: IBM Security Bulletin T1023291
IBM Pure Power Integrated Manager (PPIM) is affected by vulnerabilities in ntp (CVE-2014-9750, CVE-2014-9751)

Source: CCN
Type: IBM Security Bulletin T1023431 (PowerKVM)
Multiple vulnerabilities in Network Time Protocol (NTP) affect PowerKVM

Source: CCN
Type: IBM Security Bulletin 1977803 (PureData System for Analytics)
Multiple Security Vulnerabilities affecting IBM Netezza Host Management

Source: CCN
Type: US-CERT VU#852879
Network Time Protocol (NTP) Project NTP daemon (ntpd) contains multiple vulnerabilities

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#852879

Source: CONFIRM
Type: Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Source: BID
Type: Third Party Advisory, VDB Entry
72584

Source: CCN
Type: BID-72584
NTP 'ntp_io.c' Authentication Security Bypass Vulnerability

Source: CCN
Type: Red Hat Bugzilla – Bug 1184572
(CVE-2014-9298, CVE-2014-9751) CVE-2014-9298 CVE-2014-9751 ntp: drop packets with source address ::1

Source: CONFIRM
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1184572

Source: XF
Type: UNKNOWN
ntp-cve20149751-spoofing(109548)

Source: CONFIRM
Type: Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-9751

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:ntp:ntp:*:*:*:*:*:*:*:* (Version >= 4.2.0 and < 4.2.8)
  • OR cpe:/a:ntp:ntp:4.2.8:-:*:*:*:*:*:*
  • AND
  • cpe:/o:apple:macos:-:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4:
  • cpe:/o:oracle:linux:7:-:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 10:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:ibm:puredata_system:1.0.0:*:*:*:analytics:*:*:*
  • OR cpe:/a:ibm:powerkvm:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:powerkvm:3.1:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions

Definition ID | Class | Title | Last Modified
oval:org.cisecurity:def:304 | P | DSA-3388-1 ntp -- security update | 2016-02-08
oval:com.redhat.rhsa:def:20152231 | P | RHSA-2015:2231: ntp security, bug fix, and enhancement update (Moderate) | 2015-11-19
oval:com.ubuntu.precise:def:20149751000 | V | CVE-2014-9751 on Ubuntu 12.04 LTS (precise) - medium. | 2015-10-05
oval:com.ubuntu.trusty:def:20149751000 | V | CVE-2014-9751 on Ubuntu 14.04 LTS (trusty) - medium. | 2015-10-05
oval:com.redhat.rhsa:def:20151459 | P | RHSA-2015:1459: ntp security, bug fix, and enhancement update (Moderate) | 2015-07-22

    ntp ntp *
    ntp ntp 4.2.8 -
    apple macos -
    linux linux kernel -
    redhat enterprise linux desktop 6.0
    redhat enterprise linux server 6.0
    redhat enterprise linux workstation 6.0
    debian debian linux 7.0
    debian debian linux 8.0
    debian debian linux 9.0
    oracle linux 7 -
    ibm puredata system 1.0.0
    ibm powerkvm 2.1
    ibm powerkvm 3.1