CVE-2014-9751 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2014-9751 Interim 1 15 2024-07-03T02:31:30Z current 2021-05-30T13:25:13Z 2024-07-03T02:31:30Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2014-9751 The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 7 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2 LTSS SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 LTSS SUSE Linux Enterprise Server 11 SP4-LTSS SUSE Linux Enterprise Server 12 ntp ntp-4.2.6p5-22.el7 ntp-doc ntp-doc-4.2.6p5-22.el7 ntp-perl-4.2.6p5-22.el7 ntpdate-4.2.6p5-22.el7 sntp-4.2.6p5-22.el7 ntp-4.2.6p5-22.el7 as a component of SUSE Liberty Linux 7 ntp-doc-4.2.6p5-22.el7 as a component of SUSE Liberty Linux 7 ntp-perl-4.2.6p5-22.el7 as a component of SUSE Liberty Linux 7 ntpdate-4.2.6p5-22.el7 as a component of SUSE Liberty Linux 7 sntp-4.2.6p5-22.el7 as a component of SUSE Liberty Linux 7 ntp as a component of SUSE Linux Enterprise Desktop 11 SP2 ntp-doc as a component of SUSE Linux Enterprise Desktop 11 SP2 ntp as a component of SUSE Linux Enterprise Desktop 11 SP3 ntp-doc as a component of SUSE Linux Enterprise Desktop 11 SP3 ntp as a component of SUSE Linux Enterprise Desktop 11 SP4 ntp-doc as a component of SUSE Linux Enterprise Desktop 11 SP4 ntp as a component of SUSE Linux Enterprise Desktop 12 ntp-doc as a component of SUSE Linux Enterprise Desktop 12 ntp as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata ntp as a component of SUSE Linux Enterprise Server 11 SP2 ntp-doc as a component of SUSE Linux Enterprise Server 11 SP2 ntp as a component of SUSE Linux Enterprise Server 11 SP2 LTSS ntp as a component of SUSE Linux Enterprise Server 11 SP3 ntp-doc as a component of SUSE Linux Enterprise Server 11 SP3 ntp as a component of SUSE Linux Enterprise Server 11 SP4 LTSS ntp as a component of SUSE Linux Enterprise Server 11 SP4-LTSS ntp-doc as a component of SUSE Linux Enterprise Server 11 SP4-LTSS ntp as a component of SUSE Linux Enterprise Server 12 ntp-doc as a component of SUSE Linux Enterprise Server 12 The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address. CVE-2014-9751 SUSE Liberty Linux 7:ntp-4.2.6p5-22.el7 SUSE Liberty Linux 7:ntp-doc-4.2.6p5-22.el7 SUSE Liberty Linux 7:ntp-perl-4.2.6p5-22.el7 SUSE Liberty Linux 7:ntpdate-4.2.6p5-22.el7 SUSE Liberty Linux 7:sntp-4.2.6p5-22.el7 SUSE Linux Enterprise Desktop 11 SP2:ntp SUSE Linux Enterprise Desktop 11 SP2:ntp-doc SUSE Linux Enterprise Desktop 11 SP3:ntp SUSE Linux Enterprise Desktop 11 SP3:ntp-doc SUSE Linux Enterprise Desktop 11 SP4:ntp SUSE Linux Enterprise Desktop 11 SP4:ntp-doc SUSE Linux Enterprise Desktop 12:ntp SUSE Linux Enterprise Desktop 12:ntp-doc SUSE Linux Enterprise Server 11 SP1 for Teradata:ntp SUSE Linux Enterprise Server 11 SP2 LTSS:ntp SUSE Linux Enterprise Server 11 SP2:ntp SUSE Linux Enterprise Server 11 SP2:ntp-doc SUSE Linux Enterprise Server 11 SP3:ntp SUSE Linux Enterprise Server 11 SP3:ntp-doc SUSE Linux Enterprise Server 11 SP4 LTSS:ntp SUSE Linux Enterprise Server 11 SP4-LTSS:ntp SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc SUSE Linux Enterprise Server 12:ntp SUSE Linux Enterprise Server 12:ntp-doc important 9 AV:N/AC:L/Au:N/C:P/I:P/A:C