6.8

CVE-2014-9751

The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NtpNtp Version >= 4.2.0 < 4.2.8
   ApplemacOS Version-
   LinuxLinux Kernel Version-
NtpNtp Version4.2.8 Update-
   ApplemacOS Version-
   LinuxLinux Kernel Version-
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
OracleLinux Version7 Update-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.53% 0.903
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Third Party Advisory
http://www.kb.cert.org/vuls/id/852879
Third Party Advisory
US Government Resource
http://rhn.redhat.com/errata/RHSA-2015-1459.html
Third Party Advisory
http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne
Vendor Advisory
http://www.debian.org/security/2015/dsa-3388
Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us
Third Party Advisory
http://bugs.ntp.org/show_bug.cgi?id=2672
Patch
Vendor Advisory
Issue Tracking
http://www.securityfocus.com/bid/72584
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1184572
Third Party Advisory
Issue Tracking