{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2014-9751","title":"Title"},{"category":"description","text":"The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2014-9751","url":"https://www.suse.com/security/cve/CVE-2014-9751"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 911792 for CVE-2014-9751","url":"https://bugzilla.suse.com/911792"},{"category":"external","summary":"SUSE Bug 948963 for CVE-2014-9751","url":"https://bugzilla.suse.com/948963"},{"category":"external","summary":"SUSE Bug 959243 for CVE-2014-9751","url":"https://bugzilla.suse.com/959243"}],"title":"SUSE CVE CVE-2014-9751","tracking":{"current_release_date":"2025-04-25T11:33:33Z","generator":{"date":"2023-02-15T05:24:27Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2014-9751","initial_release_date":"2023-02-15T05:24:27Z","revision_history":[{"date":"2023-02-15T05:24:27Z","number":"2","summary":"Current version"},{"date":"2024-07-03T06:32:17Z","number":"3","summary":"Current version"},{"date":"2025-03-14T06:31:11Z","number":"4","summary":"Current version"},{"date":"2025-03-16T05:03:59Z","number":"5","summary":"Current version"},{"date":"2025-04-25T11:33:33Z","number":"6","summary":"Current version"}],"status":"interim","version":"6"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Liberty Linux 7","product":{"name":"SUSE Liberty Linux 7","product_id":"SUSE Liberty Linux 7","product_identification_helper":{"cpe":"cpe:/o:suse:sll:7"}}},{"category":"product_name","name":"SUSE Linux Enterprise Desktop 11 SP2","product":{"name":"SUSE Linux Enterprise Desktop 11 SP2","product_id":"SUSE Linux Enterprise Desktop 11 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sled:11:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Desktop 11 SP3","product":{"name":"SUSE Linux Enterprise Desktop 11 SP3","product_id":"SUSE Linux Enterprise Desktop 11 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sled:11:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Desktop 11 SP4","product":{"name":"SUSE Linux Enterprise Desktop 11 SP4","product_id":"SUSE Linux Enterprise Desktop 11 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sled:11:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Desktop 12","product":{"name":"SUSE Linux Enterprise Desktop 12","product_id":"SUSE Linux Enterprise Desktop 12","product_identification_helper":{"cpe":"cpe:/o:suse:sled:12"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP1 for Teradata","product":{"name":"SUSE Linux Enterprise Server 11 SP1 for Teradata","product_id":"SUSE Linux Enterprise Server 11 SP1 for Teradata","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles_teradata:11:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP2","product":{"name":"SUSE Linux Enterprise Server 11 SP2","product_id":"SUSE Linux Enterprise Server 11 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles:11:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP2 LTSS","product":{"name":"SUSE Linux Enterprise Server 11 SP2 LTSS","product_id":"SUSE Linux Enterprise Server 11 SP2 LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles_ltss:11:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP3","product":{"name":"SUSE Linux Enterprise Server 11 SP3","product_id":"SUSE Linux Enterprise Server 11 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles:11:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP4 LTSS","product":{"name":"SUSE Linux Enterprise Server 11 SP4 LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4 LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles_ltss:11:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP4-LTSS","product":{"name":"SUSE Linux Enterprise Server 11 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles:11:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12","product":{"name":"SUSE Linux Enterprise Server 12","product_id":"SUSE Linux Enterprise Server 12","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12"}}},{"category":"product_version","name":"ntp","product":{"name":"ntp","product_id":"ntp","product_identification_helper":{"cpe":"cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/ntp@?upstream=ntp.src.rpm"}}},{"category":"product_version","name":"ntp-4.2.6p5-22.el7","product":{"name":"ntp-4.2.6p5-22.el7","product_id":"ntp-4.2.6p5-22.el7","product_identification_helper":{"cpe":"cpe:2.3:a:ntp:ntp:4.2.6p5:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/ntp@4.2.6p5-22.el7?upstream=ntp-4.2.6p5-22.el7.src.rpm"}}},{"category":"product_version","name":"ntp-doc","product":{"name":"ntp-doc","product_id":"ntp-doc","product_identification_helper":{"cpe":"cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/ntp-doc@?upstream=ntp.src.rpm"}}},{"category":"product_version","name":"ntp-doc-4.2.6p5-22.el7","product":{"name":"ntp-doc-4.2.6p5-22.el7","product_id":"ntp-doc-4.2.6p5-22.el7","product_identification_helper":{"cpe":"cpe:2.3:a:ntp:ntp:4.2.6p5:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/ntp-doc@4.2.6p5-22.el7?upstream=ntp-4.2.6p5-22.el7.src.rpm"}}},{"category":"product_version","name":"ntp-perl-4.2.6p5-22.el7","product":{"name":"ntp-perl-4.2.6p5-22.el7","product_id":"ntp-perl-4.2.6p5-22.el7","product_identification_helper":{"purl":"pkg:rpm/suse/ntp-perl@4.2.6p5-22.el7"}}},{"category":"product_version","name":"ntpdate-4.2.6p5-22.el7","product":{"name":"ntpdate-4.2.6p5-22.el7","product_id":"ntpdate-4.2.6p5-22.el7","product_identification_helper":{"purl":"pkg:rpm/suse/ntpdate@4.2.6p5-22.el7"}}},{"category":"product_version","name":"sntp-4.2.6p5-22.el7","product":{"name":"sntp-4.2.6p5-22.el7","product_id":"sntp-4.2.6p5-22.el7","product_identification_helper":{"purl":"pkg:rpm/suse/sntp@4.2.6p5-22.el7"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"ntp-4.2.6p5-22.el7 as component of SUSE Liberty Linux 7","product_id":"SUSE Liberty Linux 7:ntp-4.2.6p5-22.el7"},"product_reference":"ntp-4.2.6p5-22.el7","relates_to_product_reference":"SUSE Liberty Linux 7"},{"category":"default_component_of","full_product_name":{"name":"ntp-doc-4.2.6p5-22.el7 as component of SUSE Liberty Linux 7","product_id":"SUSE Liberty Linux 7:ntp-doc-4.2.6p5-22.el7"},"product_reference":"ntp-doc-4.2.6p5-22.el7","relates_to_product_reference":"SUSE Liberty Linux 7"},{"category":"default_component_of","full_product_name":{"name":"ntp-perl-4.2.6p5-22.el7 as component of SUSE Liberty Linux 7","product_id":"SUSE Liberty Linux 7:ntp-perl-4.2.6p5-22.el7"},"product_reference":"ntp-perl-4.2.6p5-22.el7","relates_to_product_reference":"SUSE Liberty Linux 7"},{"category":"default_component_of","full_product_name":{"name":"ntpdate-4.2.6p5-22.el7 as component of SUSE Liberty Linux 7","product_id":"SUSE Liberty Linux 7:ntpdate-4.2.6p5-22.el7"},"product_reference":"ntpdate-4.2.6p5-22.el7","relates_to_product_reference":"SUSE Liberty Linux 7"},{"category":"default_component_of","full_product_name":{"name":"sntp-4.2.6p5-22.el7 as component of SUSE Liberty Linux 7","product_id":"SUSE Liberty Linux 7:sntp-4.2.6p5-22.el7"},"product_reference":"sntp-4.2.6p5-22.el7","relates_to_product_reference":"SUSE Liberty Linux 7"},{"category":"default_component_of","full_product_name":{"name":"ntp as component of SUSE Linux Enterprise Desktop 11 SP2","product_id":"SUSE Linux Enterprise Desktop 11 SP2:ntp"},"product_reference":"ntp","relates_to_product_reference":"SUSE Linux Enterprise Desktop 11 SP2"},{"category":"default_component_of","full_product_name":{"name":"ntp-doc as component of SUSE Linux Enterprise Desktop 11 SP2","product_id":"SUSE Linux Enterprise Desktop 11 SP2:ntp-doc"},"product_reference":"ntp-doc","relates_to_product_reference":"SUSE Linux Enterprise Desktop 11 SP2"},{"category":"default_component_of","full_product_name":{"name":"ntp as component of SUSE Linux Enterprise Desktop 11 SP3","product_id":"SUSE Linux Enterprise Desktop 11 SP3:ntp"},"product_reference":"ntp","relates_to_product_reference":"SUSE Linux Enterprise Desktop 11 SP3"},{"category":"default_component_of","full_product_name":{"name":"ntp-doc as component of SUSE Linux Enterprise Desktop 11 SP3","product_id":"SUSE Linux Enterprise Desktop 11 SP3:ntp-doc"},"product_reference":"ntp-doc","relates_to_product_reference":"SUSE Linux Enterprise Desktop 11 SP3"},{"category":"default_component_of","full_product_name":{"name":"ntp as component of SUSE Linux Enterprise Desktop 11 SP4","product_id":"SUSE Linux Enterprise Desktop 11 SP4:ntp"},"product_reference":"ntp","relates_to_product_reference":"SUSE Linux Enterprise Desktop 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"ntp-doc as component of SUSE Linux Enterprise Desktop 11 SP4","product_id":"SUSE Linux Enterprise Desktop 11 SP4:ntp-doc"},"product_reference":"ntp-doc","relates_to_product_reference":"SUSE Linux Enterprise Desktop 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"ntp as component of SUSE Linux Enterprise Desktop 12","product_id":"SUSE Linux Enterprise Desktop 12:ntp"},"product_reference":"ntp","relates_to_product_reference":"SUSE Linux Enterprise Desktop 12"},{"category":"default_component_of","full_product_name":{"name":"ntp-doc as component of SUSE Linux Enterprise Desktop 12","product_id":"SUSE Linux Enterprise Desktop 12:ntp-doc"},"product_reference":"ntp-doc","relates_to_product_reference":"SUSE Linux Enterprise Desktop 12"},{"category":"default_component_of","full_product_name":{"name":"ntp as component of SUSE Linux Enterprise Server 11 SP1 for Teradata","product_id":"SUSE Linux Enterprise Server 11 SP1 for Teradata:ntp"},"product_reference":"ntp","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP1 for Teradata"},{"category":"default_component_of","full_product_name":{"name":"ntp as component of SUSE Linux Enterprise Server 11 SP2","product_id":"SUSE Linux Enterprise Server 11 SP2:ntp"},"product_reference":"ntp","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP2"},{"category":"default_component_of","full_product_name":{"name":"ntp-doc as component of SUSE Linux Enterprise Server 11 SP2","product_id":"SUSE Linux Enterprise Server 11 SP2:ntp-doc"},"product_reference":"ntp-doc","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP2"},{"category":"default_component_of","full_product_name":{"name":"ntp as component of SUSE Linux Enterprise Server 11 SP2 LTSS","product_id":"SUSE Linux Enterprise Server 11 SP2 LTSS:ntp"},"product_reference":"ntp","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP2 LTSS"},{"category":"default_component_of","full_product_name":{"name":"ntp as component of SUSE Linux Enterprise Server 11 SP3","product_id":"SUSE Linux Enterprise Server 11 SP3:ntp"},"product_reference":"ntp","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP3"},{"category":"default_component_of","full_product_name":{"name":"ntp-doc as component of SUSE Linux Enterprise Server 11 SP3","product_id":"SUSE Linux Enterprise Server 11 SP3:ntp-doc"},"product_reference":"ntp-doc","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP3"},{"category":"default_component_of","full_product_name":{"name":"ntp as component of SUSE Linux Enterprise Server 11 SP4 LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4 LTSS:ntp"},"product_reference":"ntp","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP4 LTSS"},{"category":"default_component_of","full_product_name":{"name":"ntp as component of SUSE Linux Enterprise Server 11 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp"},"product_reference":"ntp","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"ntp-doc as component of SUSE Linux Enterprise Server 11 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc"},"product_reference":"ntp-doc","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"ntp as component of SUSE Linux Enterprise Server 12","product_id":"SUSE Linux Enterprise Server 12:ntp"},"product_reference":"ntp","relates_to_product_reference":"SUSE Linux Enterprise Server 12"},{"category":"default_component_of","full_product_name":{"name":"ntp-doc as component of SUSE Linux Enterprise Server 12","product_id":"SUSE Linux Enterprise Server 12:ntp-doc"},"product_reference":"ntp-doc","relates_to_product_reference":"SUSE Linux Enterprise Server 12"}]},"vulnerabilities":[{"cve":"CVE-2014-9751","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2014-9751"}],"notes":[{"category":"general","text":"The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.","title":"CVE description"}],"product_status":{"known_not_affected":["SUSE Linux Enterprise Desktop 11 SP2:ntp","SUSE Linux Enterprise Desktop 11 SP2:ntp-doc","SUSE Linux Enterprise Desktop 11 SP3:ntp","SUSE Linux Enterprise Desktop 11 SP3:ntp-doc","SUSE Linux Enterprise Desktop 11 SP4:ntp","SUSE Linux Enterprise Desktop 11 SP4:ntp-doc","SUSE Linux Enterprise Desktop 12:ntp","SUSE Linux Enterprise Desktop 12:ntp-doc","SUSE Linux Enterprise Server 11 SP1 for Teradata:ntp","SUSE Linux Enterprise Server 11 SP2 LTSS:ntp","SUSE Linux Enterprise Server 11 SP2:ntp","SUSE Linux Enterprise Server 11 SP2:ntp-doc","SUSE Linux Enterprise Server 11 SP3:ntp","SUSE Linux Enterprise Server 11 SP3:ntp-doc","SUSE Linux Enterprise Server 11 SP4 LTSS:ntp","SUSE Linux Enterprise Server 11 SP4-LTSS:ntp","SUSE Linux Enterprise Server 11 SP4-LTSS:ntp-doc","SUSE Linux Enterprise Server 12:ntp","SUSE Linux Enterprise Server 12:ntp-doc"],"recommended":["SUSE Liberty Linux 7:ntp-4.2.6p5-22.el7","SUSE Liberty Linux 7:ntp-doc-4.2.6p5-22.el7","SUSE Liberty Linux 7:ntp-perl-4.2.6p5-22.el7","SUSE Liberty Linux 7:ntpdate-4.2.6p5-22.el7","SUSE Liberty Linux 7:sntp-4.2.6p5-22.el7"]},"references":[{"category":"external","summary":"CVE-2014-9751","url":"https://www.suse.com/security/cve/CVE-2014-9751"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 911792 for CVE-2014-9751","url":"https://bugzilla.suse.com/911792"},{"category":"external","summary":"SUSE Bug 948963 for CVE-2014-9751","url":"https://bugzilla.suse.com/948963"},{"category":"external","summary":"SUSE Bug 959243 for CVE-2014-9751","url":"https://bugzilla.suse.com/959243"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Liberty Linux 7:ntp-4.2.6p5-22.el7","SUSE Liberty Linux 7:ntp-doc-4.2.6p5-22.el7","SUSE Liberty Linux 7:ntp-perl-4.2.6p5-22.el7","SUSE Liberty Linux 7:ntpdate-4.2.6p5-22.el7","SUSE Liberty Linux 7:sntp-4.2.6p5-22.el7"]}],"threats":[{"category":"impact","date":"2015-10-05T14:41:32Z","details":"important"}],"title":"CVE-2014-9751"}]}