SecurityTracker.com
Category:   Application (Generic)  >   ntp
Vendors:   ntp.org
NTP Mode 7 Packet Processing Flaw Lets Remote Users Deny Service
SecurityTracker Alert ID:  1023298
SecurityTracker URL:  http://securitytracker.com/id/1023298
CVE Reference:   CVE-2009-3563
Date:  Dec 8 2009
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): prior to 4.2.4p8
Description:   A vulnerability was reported in ntp. A remote user can cause denial of service conditions.

A remote user can send a specially crafted NTP packet to create a packet reply loop between two target ntpd servers. This may consume excessive CPU and disk resources on the target system.

Robin Park and Dmitri Vinokurov reported this vulnerability.

Impact:   A remote user can cause excessive CPU and disk space consumption on the target servers.
Solution:   The vendor has issued a fix (4.2.4p8).

The vendor's advisory is available at:

https://support.ntp.org/bugs/show_bug.cgi?id=1331

Vendor URL:  ntp.org/
Cause:   Input validation error, Resource error
Underlying OS:   Linux (Any), UNIX (Any)
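
The reply loop in the Description can be spotted in captured traffic as mode 7 packets flowing in both directions between two hosts. The following detection sketch is an added example, not part of the SecurityTracker alert or the vendor advisory; the function names, the threshold, the port-123-to-port-123 heuristic and the sample packets are assumptions constructed for illustration.

```python
from collections import Counter

NTP_PORT = 123
MODE_PRIVATE = 7  # NTP mode 7: private/implementation-specific requests


def ntp_mode(payload):
    """Return the NTP mode (low 3 bits of the first byte), or None if empty."""
    return payload[0] & 0x07 if payload else None


def find_mode7_loops(packets, threshold=100):
    """Flag host pairs trading mode 7 packets in both directions.

    packets: iterable of (src, sport, dst, dport, udp_payload).
    Only packets with source and destination port 123 are counted
    (assumed heuristic: daemon-to-daemon traffic, not a query tool
    sending from an ephemeral port).
    Returns sorted (host_a, host_b, a_to_b, b_to_a) tuples.
    """
    counts = Counter()
    for src, sport, dst, dport, payload in packets:
        if sport == dport == NTP_PORT and ntp_mode(payload) == MODE_PRIVATE:
            counts[(src, dst)] += 1
    loops = []
    for (a, b), n in counts.items():
        back = counts.get((b, a), 0)
        if a < b and n >= threshold and back >= threshold:
            loops.append((a, b, n, back))
    return sorted(loops)


def sample_capture():
    """Constructed capture: addresses and payload bytes are placeholders."""
    mode7 = b"\x17" + bytes(7)   # first byte: version 2, mode 7
    mode3 = b"\x23" + bytes(47)  # first byte: version 4, mode 3 (client)
    pkts = []
    for _ in range(150):
        pkts.append(("192.0.2.10", 123, "192.0.2.20", 123, mode7))
        pkts.append(("192.0.2.20", 123, "192.0.2.10", 123, mode7))
    pkts.append(("198.51.100.5", 40000, "192.0.2.10", 123, mode3))  # normal client
    pkts.append(("198.51.100.9", 51000, "192.0.2.10", 123, mode7))  # one-way query
    return pkts


if __name__ == "__main__":
    for a, b, ab, ba in find_mode7_loops(sample_capture()):
        print(f"possible mode 7 reply loop: {a} <-> {b} ({ab}/{ba} packets)")
```

The threshold counts packets over the whole capture, so it should be tuned to the capture length before use on real traffic.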

Message History:   This archive entry has one or more follow-up message(s) listed below.
Dec 8 2009 (Red Hat Issues Fix) NTP Mode 7 Packet Processing Flaw Lets Remote Users Deny Service   (bugzilla@redhat.com)
Red Hat has issued a fix for Red Hat Enterprise Linux 4 and 5.
Dec 8 2009 (Red Hat Issues Fix) NTP Mode 7 Packet Processing Flaw Lets Remote Users Deny Service   (bugzilla@redhat.com)
Red Hat has issued a fix for Red Hat Enterprise Linux 3.
Jan 7 2010 (FreeBSD Issues Fix) NTP Mode 7 Packet Processing Flaw Lets Remote Users Deny Service   (FreeBSD Security Advisories <security-advisories@freebsd.org>)
FreeBSD has issued a fix for FreeBSD 6.3, 6.4, 7.1, 7.2, and 8.0.
Jan 7 2010 (F5 Issues Fix for BIG-IP) NTP Mode 7 Packet Processing Flaw Lets Remote Users Deny Service
F5 has issued a fix for BIG-IP.
Jan 18 2010 (Sun Issues Fix) NTP Mode 7 Packet Processing Flaw Lets Remote Users Deny Service
Sun has issued a fix for Solaris 9 and 10 and OpenSolaris.
Mar 4 2010 (IBM Issues Fix for AIX) NTP Mode 7 Packet Processing Flaw Lets Remote Users Deny Service
IBM has issued a fix for AIX.
Oct 5 2010 (HP Issues Fix for Tru64) NTP Mode 7 Packet Processing Flaw Lets Remote Users Deny Service   (security-alert@hp.com)
HP has issued a fix for HP Tru64 UNIX.
Apr 1 2011 (HP Issues Fix for HP-UX) NTP Mode 7 Packet Processing Flaw Lets Remote Users Deny Service   (security-alert@hp.com)
HP has issued a fix for HP-UX 11.11, 11.23, and 11.31.
Sep 22 2011 (HP Issues Fix for OpenVMS) NTP Mode 7 Packet Processing Flaw Lets Remote Users Deny Service
HP has issued a fix for OpenVMS 5.4, 5.5, 5.6, and 5.7.
Dec 16 2011 (Oracle Issues Fix for Sun SPARC) NTP Mode 7 Packet Processing Flaw Lets Remote Users Deny Service
Oracle has issued a fix for Sun SPARC Server.
Mar 28 2013 (HP Issues Fix for HP-UX) NTP Mode 7 Packet Processing Flaw Lets Remote Users Deny Service
HP has issued a fix for XNTP on HP-UX 11.31.



 Source Message Contents

Date:  Tue, 08 Dec 2009 20:55:44 +0000
Subject:  ntp


CVE-2009-3563

https://support.ntp.org/bugs/show_bug.cgi?id=1331
 
 



Copyright 2013, SecurityGlobal.net LLC