Lucene search
F5F5:K16393HistoryNov 07, 2015 - 12:00 a.m.
K16393 : NTP vulnerability CVE-2014-9751
2015-11-0700:00:00
my.f5.com
16
Security Advisory Description
Some kernels do not offer protection for ::1 source addresses on IPv6 interfaces. Since NTP’s access control mechanism is based on source address and localhost addresses generally have no restrictions, an attacker may be able to send malicious control and configuration packets by spoofing ::1 addresses from the outside. (CVE-2014-9751)
Note: The candidate number originally referenced in this article, CVE-2014-9298, was rejected because it was associated with two different issues.
Impact
This vulnerability may allow an attacker to bypass NTP access control mechanisms that rely on IPv6 source address filtering.
| CPE | Name | Operator | Version |
|---|---|---|---|
| big-ip afm | eq | 11.3.0 | |
| big-ip afm | eq | 11.4.0 | |
| big-ip afm | eq | 11.4.1 | |
| big-ip afm | eq | 11.5.0 | |
| big-ip afm | eq | 11.5.1 | |
| big-ip afm | eq | 11.5.2 | |
| big-ip afm | eq | 11.5.3 | |
| big-ip afm | eq | 11.5.4 | |
| big-ip afm | eq | 11.5.5 | |
| big-ip afm | eq | 11.6.0 |
Related
nessus
nessus
F5 Networks BIG-IP : NTP vulnerability (K16393)
2015-10-05 00:00:00
RHEL 6 : ntp (RHSA-2015:1459)
2015-07-23 00:00:00
CentOS 7 : ntp (CESA-2015:2231)
2015-12-02 00:00:00
ubuntucve
ubuntucve
CVE-2014-9751
2015-10-06 00:00:00
cve
cve
prion
prion
Design/Logic Flaw
2015-10-06 01:59:00
Authentication flaw
2015-10-06 01:59:00
Design/Logic Flaw
2015-10-06 01:59:00
nvd
nvd
openvas
openvas
Debian: Security Advisory (DLA-149-1)
2023-03-08 00:00:00
RedHat Update for ntp RHSA-2015:1459-01
2015-07-23 00:00:00
Debian: Security Advisory (DSA-3154-2)
2015-02-04 00:00:00
ibm
ibm
f5
f5
SOL16393 - NTP vulnerability CVE-2014-9751
2015-04-09 00:00:00
debiancve
debiancve
CVE-2014-9751
2015-10-06 01:59:02
cvelist
cvelist
CVE-2014-9751
2015-10-04 20:00:00
CVE-2014-9298
2015-10-04 20:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:41:07
Insufficient Entropy In Key Generation Algorithm
2019-05-02 05:41:08
Improper Input Validation And Arbitary Code Injection
2019-05-02 05:41:07
centos
centos
ntp, ntpdate security update
2015-07-26 14:13:05
ntp, ntpdate, sntp security update
2015-11-30 19:45:44
osv
osv
ntp - security update
2015-02-05 00:00:00
ntp - incomplete fix
2015-02-05 00:00:00
ntp - security update
2015-02-07 00:00:00
ubuntu
ubuntu
NTP vulnerabilities
2015-02-09 00:00:00
redhat
redhat
(RHSA-2015:2231) Moderate: ntp security, bug fix, and enhancement update
2015-11-19 14:42:12
(RHSA-2015:1459) Moderate: ntp security, bug fix, and enhancement update
2015-07-22 00:00:00
debian
debian
[SECURITY] [DSA 3154-1] ntp security update
2015-02-05 21:13:52
[SECURITY] [DLA 149-1] ntp security update
2015-02-07 15:26:18
[SECURITY] [DSA 3154-1] ntp security update
2015-02-05 21:13:52
securityvulns
securityvulns
[USN-2497-1] NTP vulnerabilities
2015-02-11 00:00:00
ntpd multiple security vulnerabilities
2015-02-11 00:00:00
APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004
2015-04-09 00:00:00
mageia
mageia
Updated ntp packages fix security vulnerabilities
2015-02-11 23:47:51
archlinux
archlinux
ntp: multiple issues
2015-02-06 00:00:00
amazon
amazon
Medium: ntp
2015-03-23 08:31:00
oraclelinux
oraclelinux
ntp security, bug fix, and enhancement update
2015-11-23 00:00:00
ntp security, bug fix, and enhancement update
2015-07-28 00:00:00
suse
suse
Security update for ntp (important)
2015-02-13 19:04:50
Security update for xntp (important)
2015-02-19 01:05:02
Security update for ntp (important)
2015-02-12 21:04:54
fedora
fedora
[SECURITY] Fedora 21 Update: ntp-4.2.6p5-27.fc21
2015-02-15 03:25:41
[SECURITY] Fedora 20 Update: ntp-4.2.6p5-20.fc20
2015-02-15 03:17:24
[SECURITY] Fedora 20 Update: ntp-4.2.6p5-22.fc20
2015-04-22 22:55:51
ics
ics
Network Time Protocol Vulnerabilities (Update C)
2018-08-29 12:00:00
Network Time Protocol Vulnerabilities (Update B)
2018-09-10 12:00:00
cert
cert
cisco
cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products
2014-12-22 16:00:00