Showing 1 - 2 of 2

CVE-2014-9751

Status Candidate

Overview

The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.

Related Files

Red Hat Security Advisory 2015-2231-04: Posted Nov 20, 2015; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2015-2231-04 - The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by spoofing ::1 addresses. A denial of service flaw was found in the way NTP hosts that were peering with each other authenticated themselves before updating their internal state variables. An attacker could send packets to one peer host, which could cascade to other peers, and stop the synchronization process among the reached peers.; tags | advisory, denial of service, spoof, protocol; systems | linux, redhat; advisories | CVE-2014-9297, CVE-2014-9298, CVE-2014-9750, CVE-2014-9751, CVE-2015-1798, CVE-2015-1799, CVE-2015-3405; SHA-256 | 367755c77b0b38eda48b414ce2bd65326fc2b4deda486e3ad955cc5616ae75be; Download | Favorite | View