SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   ntp Vendors:   ntp.org
NTP Mode 7 Packet Processing Flaw Lets Remote Users Deny Service
SecurityTracker Alert ID:  1023298
SecurityTracker URL:  http://securitytracker.com/id/1023298
CVE Reference:   CVE-2009-3563   (Links to External Site)
Date:  Dec 8 2009
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): prior to 4.2.4p8
Description:   A vulnerability was reported in ntp. A remote user can cause denial of service conditions.

A remote user can send a specially crafted NTP packet to create a packet reply loop between two target ntpd servers. This may consume excessive CPU and disk resources on the target system.

Robin Park and Dmitri Vinokurov reported this vulnerability.

Impact:   A remote user can cause excessive CPU and disk space consumption on the target servers.
Solution:   The vendor has issued a fix (4.2.4p8).

The vendor's advisory is available at:

https://support.ntp.org/bugs/show_bug.cgi?id=1331

Vendor URL:  ntp.org/ (Links to External Site)
Cause:   Input validation error, Resource error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Dec 8 2009 (Red Hat Issues Fix) NTP Mode 7 Packet Processing Flaw Lets Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 4 and 5.
Dec 8 2009 (Red Hat Issues Fix) NTP Mode 7 Packet Processing Flaw Lets Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 3.
Jan 7 2010 (FreeBSD Issues Fix) NTP Mode 7 Packet Processing Flaw Lets Remote Users Deny Service
FreeBSD has issued a fix for FreeBSD 6.3, 6.4, 7.1, 7.2, and 8.0.
Jan 7 2010 (F5 Issues Fix for BIG-IP) NTP Mode 7 Packet Processing Flaw Lets Remote Users Deny Service
F5 has issued a fix for BIG-IP.
Jan 18 2010 (Sun Issues Fix) NTP Mode 7 Packet Processing Flaw Lets Remote Users Deny Service
Sun has issued a fix for Solaris 9 and 10 and OpenSolaris.
Mar 4 2010 (IBM Issues Fix for AIX) NTP Mode 7 Packet Processing Flaw Lets Remote Users Deny Service
IBM has issued a fix for AIX.
Oct 5 2010 (HP Issues Fix for Tru64) NTP Mode 7 Packet Processing Flaw Lets Remote Users Deny Service
HP has issued a fix for HP Tru64 UNIX.
Apr 1 2011 (HP Issues Fix for HP-UX) NTP Mode 7 Packet Processing Flaw Lets Remote Users Deny Service
HP has issued a fix for HP-UX 11.11, 11.23, and 11.31.
Sep 22 2011 (HP Issues Fix for OpenVMS) NTP Mode 7 Packet Processing Flaw Lets Remote Users Deny Service
HP has issued a fix for OpenVMS 5.4, 5.5, 5.6, and 5.7.
Dec 16 2011 (Oracle Issues Fix for Sun SPARC) NTP Mode 7 Packet Processing Flaw Lets Remote Users Deny Service
Oracle has issued a fix for Sun SPARC Server.
Mar 28 2013 (HP Issues Fix for HP-UX) NTP Mode 7 Packet Processing Flaw Lets Remote Users Deny Service
HP has issued a fix for XNTP on HP-UX 11.31.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC