Last update: April 22, 2024 18:49 UTC (7e7bd5857)
Resolved | 4.2.8p1 | 04 Feb 2015 |
---|---|---|
References | Bug 2672 | CVE-2014-9751 |
Affects | All NTP4 releases before 4.2.8p1, under at least some versions of MacOS and Linux. *BSD has not been seen to be vulnerable. | Resolved in 4.2.8p1. |
CVSS2 Score | 9 | AV:N/AC:L/Au:N/C:P/I:P/A:C |
While available kernels will prevent 127.0.0.1 addresses from “appearing” on non-localhost IPv4 interfaces, some kernels do not offer the same protection for ::1 source addresses on IPv6 interfaces. Since NTP’s access control is based on source address and localhost addresses generally have no restrictions, an attacker can send malicious control and configuration packets by spoofing ::1 addresses from the outside.
NOTE: This is not really a bug in NTP, it’s a problem with some OSes. If you have one of these OSes where ::1 can be spoofed, ALL ::1-based ACL restrictions on any application can be bypassed!
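The following added example (not ntpd's code and not from the advisory) contrasts an ACL that trusts the claimed source address alone with one that also checks which interface the packet arrived on. The interface names, the decision labels and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: names of the host's loopback interfaces (Linux "lo", macOS/BSD "lo0").
LOOPBACK_IFACES = {"lo", "lo0"}

def is_loopback_source(src: str) -> bool:
    """True for 127.0.0.0/8, ::1 and IPv4-mapped loopback (::ffff:127.x.x.x)."""
    addr = ipaddress.ip_address(src.split("%")[0])  # drop any zone id
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # judge the embedded IPv4 address
    return addr.is_loopback

def acl_source_only(src: str) -> str:
    """Weak check: localhost is unrestricted, judged by source address alone."""
    return "unrestricted" if is_loopback_source(src) else "restricted"

def acl_with_ingress(src: str, iface: str) -> str:
    """Hardened check: a loopback source is honoured only on a loopback interface."""
    if is_loopback_source(src):
        return "unrestricted" if iface in LOOPBACK_IFACES else "drop"
    return "restricted"

# Constructed sample input: (ingress interface, claimed source address).
SAMPLE_PACKETS = [
    ("lo", "::1"),                # genuine local query
    ("eth0", "::1"),              # loopback source seen on an external interface
    ("eth0", "::ffff:127.0.0.1"), # IPv4-mapped loopback on an external interface
    ("eth0", "2001:db8::10"),     # ordinary remote client
    ("lo", "127.0.0.1"),          # genuine local IPv4 query
]

def evaluate(packets):
    """Return (iface, src, weak decision, hardened decision) for each packet."""
    return [(i, s, acl_source_only(s), acl_with_ingress(s, i)) for i, s in packets]

if __name__ == "__main__":
    for iface, src, weak, hardened in evaluate(SAMPLE_PACKETS):
        print(f"{iface:5} {src:18} source-only={weak:12} with-ingress={hardened}")
```

Rows where the two columns disagree are the packets a source-address-only ACL would treat as localhost even though they arrived from the network.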
This vulnerability was discovered by Stephen Roettger of the Google Security Team.