CVE-2014-9751

NameCVE-2014-9751
DescriptionThe read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-149-1, DSA-3154-1
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ntp (PTS)jessie (security), jessie1:4.2.6.p5+dfsg-7+deb8u2fixed
stretch1:4.2.8p10+dfsg-3+deb9u2fixed
buster, sid1:4.2.8p11+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ntpsource(unstable)1:4.2.6.p5+dfsg-4medium
ntpsourcesqueeze1:4.2.6.p2+dfsg-1+deb6u2mediumDLA-149-1
ntpsourcewheezy1:4.2.6.p5+dfsg-2+deb7u2mediumDSA-3154-1

Notes

http://bugs.ntp.org/show_bug.cgi?id=2672 (not yet public)

Search for package or bug name: Reporting problems