Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2014-9751
HistoryOct 06, 2015 - 12:00 a.m.

CVE-2014-9751

2015-10-0600:00:00
ubuntu.com
ubuntu.com
16

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.3%

JSON

The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before
4.2.8p1 on Linux and OS X does not properly determine whether a source IP
address is an IPv6 loopback address, which makes it easier for remote
attackers to spoof restricted packets, and read or write to the runtime
state, by leveraging the ability to reach the ntpd machine’s network
interface with a packet from the ::1 address.

Bugs

Notes

Author Note
mdeslaur this used to be known as CVE-2014-9298, patches were released in USN-2497-1

Related

nessus 24
f5 2
cve 3
prion 3
openvas 25
ibm 14
debiancve 1
veracode 5
redhat 2
osv 3
centos 2
ubuntu 1
securityvulns 4
debian 4
mageia 1
archlinux 1
amazon 1
oraclelinux 2
suse 5
fedora 4
ics 2
cert 1
cisco 1
nessus
nessus
F5 Networks BIG-IP : NTP vulnerability (K16393)
2015-10-05 00:00:00
Scientific Linux Security Update : ntp on SL7.x x86_64 (20151119)
2015-12-22 00:00:00
Oracle Linux 7 : ntp (ELSA-2015-2231)
2015-11-24 00:00:00
f5
f5
K16393 : NTP vulnerability CVE-2014-9751
2015-11-07 00:00:00
SOL16393 - NTP vulnerability CVE-2014-9751
2015-04-09 00:00:00
cve
cve
CVE-2014-9298
2015-10-06 01:59:00
CVE-2014-9751
2015-10-06 01:59:00
CVE-2014-9297
2015-10-06 01:59:00
prion
prion
Design/Logic Flaw
2015-10-06 01:59:00
Authentication flaw
2015-10-06 01:59:00
Design/Logic Flaw
2015-10-06 01:59:00
openvas
openvas
Debian: Security Advisory (DLA-149-1)
2023-03-08 00:00:00
RedHat Update for ntp RHSA-2015:1459-01
2015-07-23 00:00:00
RedHat Update for ntp RHSA-2015:2231-04
2015-11-20 00:00:00
ibm
ibm
Security Bulletin: Multiple Security Vulnerabilities affecting IBM Netezza Host Management
2019-10-18 03:10:29
Security Bulletin: IBM Pure Power Integrated Manager (PPIM) is affected by vulnerabilities in ntp (CVE-2014-9750, CVE-2014-9751)
2018-06-18 01:30:30
Security Bulletin: Vulnerabilities in NTP Affect Power Hardware Management Console (CVE-2014-9297, CVE-2014-9298)
2021-09-23 01:31:39
debiancve
debiancve
CVE-2014-9751
2015-10-06 01:59:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:41:07
Improper Input Validation And Arbitary Code Injection
2019-05-02 05:41:07
Man-In-The-Middle (MitM)
2019-05-02 05:41:08
redhat
redhat
(RHSA-2015:2231) Moderate: ntp security, bug fix, and enhancement update
2015-11-19 14:42:12
(RHSA-2015:1459) Moderate: ntp security, bug fix, and enhancement update
2015-07-22 00:00:00
osv
osv
ntp - security update
2015-02-05 00:00:00
ntp - incomplete fix
2015-02-05 00:00:00
ntp - security update
2015-02-07 00:00:00
centos
centos
ntp, ntpdate security update
2015-07-26 14:13:05
ntp, ntpdate, sntp security update
2015-11-30 19:45:44
ubuntu
ubuntu
NTP vulnerabilities
2015-02-09 00:00:00
securityvulns
securityvulns
[USN-2497-1] NTP vulnerabilities
2015-02-11 00:00:00
ntpd multiple security vulnerabilities
2015-02-11 00:00:00
APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004
2015-04-09 00:00:00
debian
debian
[SECURITY] [DLA 149-1] ntp security update
2015-02-07 15:26:18
[SECURITY] [DSA 3154-1] ntp security update
2015-02-05 21:13:52
[SECURITY] [DSA 3154-1] ntp security update
2015-02-05 21:13:52
mageia
mageia
Updated ntp packages fix security vulnerabilities
2015-02-11 23:47:51
archlinux
archlinux
ntp: multiple issues
2015-02-06 00:00:00
amazon
amazon
Medium: ntp
2015-03-23 08:31:00
oraclelinux
oraclelinux
ntp security, bug fix, and enhancement update
2015-11-23 00:00:00
ntp security, bug fix, and enhancement update
2015-07-28 00:00:00
suse
suse
Security update for xntp (important)
2015-02-19 01:05:02
Security update for ntp (important)
2015-02-13 19:04:50
Security update for ntp (important)
2015-02-12 03:06:04
fedora
fedora
[SECURITY] Fedora 20 Update: ntp-4.2.6p5-20.fc20
2015-02-15 03:17:24
[SECURITY] Fedora 21 Update: ntp-4.2.6p5-27.fc21
2015-02-15 03:25:41
[SECURITY] Fedora 20 Update: ntp-4.2.6p5-22.fc20
2015-04-22 22:55:51
ics
ics
Network Time Protocol Vulnerabilities (Update B)
2018-09-10 12:00:00
Network Time Protocol Vulnerabilities (Update C)
2018-08-29 12:00:00
cert
cert
NTP Project Network Time Protocol daemon (ntpd) contains multiple vulnerabilities (Updated)
2014-12-19 00:00:00
cisco
cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products
2014-12-22 16:00:00

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.3%

JSON
Related for UB:CVE-2014-9751
nessus24f52cve3prion3openvas25ibm14debiancve1veracode5redhat2osv3centos2ubuntu1securityvulns4debian4mageia1archlinux1amazon1oraclelinux2suse5fedora4ics2cert1cisco1