ID CVE-2009-3563
Summary ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
References
Vulnerable Configurations
  • cpe:2.3:a:ntp:ntp:4.0.72:*:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.0.72:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.0.73:*:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.0.73:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.0.90:*:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.0.90:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.0.91:*:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.0.91:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.0.92:*:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.0.92:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.0.93:*:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.0.93:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.0.94:*:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.0.94:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.0.95:*:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.0.95:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.0.96:*:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.0.96:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.0.97:*:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.0.97:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.0.98:*:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.0.98:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.0.99:*:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.0.99:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.2p1:*:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.2p1:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.2p2:*:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.2p2:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.2p3:*:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.2p3:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:-:*:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:-:*:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.2:p1:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.2:p1:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.2:p2:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.2:p2:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.2:p3:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.2:p3:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.2:p4:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.2:p4:*:*:*:*:*:*
  • cpe:2.3:a:ntp:ntp:4.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:ntp:ntp:4.2.5:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 19-09-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:P
oval via4
  • accepted 2013-04-29T04:12:29.559-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
    family unix
    id oval:org.mitre.oval:def:11225
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
    version 24
  • accepted 2011-01-10T04:00:11.431-05:00
    class vulnerability
    contributors
    name Yamini Mohan R
    organization Hewlett-Packard
    definition_extensions
    • comment IBM AIX 5300-08 is installed
      oval oval:org.mitre.oval:def:5293
    • comment IBM AIX 5300-09 is installed
      oval oval:org.mitre.oval:def:6306
    • comment IBM AIX 6100-01 is installed
      oval oval:org.mitre.oval:def:5959
    • comment IBM AIX 6100-02 is installed
      oval oval:org.mitre.oval:def:5685
    • comment IBM AIX 6100-03 is installed
      oval oval:org.mitre.oval:def:6736
    • comment IBM AIX 6100-04 is installed
      oval oval:org.mitre.oval:def:7373
    description ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
    family unix
    id oval:org.mitre.oval:def:12141
    status accepted
    submitted 2010-11-26T12:23:50.000-05:00
    title AIX xntpd denial-of-service vulnerability
    version 42
  • accepted 2015-04-20T04:01:12.142-04:00
    class vulnerability
    contributors
    • name Ganesh Manal
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
    family unix
    id oval:org.mitre.oval:def:19376
    status accepted
    submitted 2013-11-22T11:43:28.000-05:00
    title HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code
    version 42
  • accepted 2014-01-20T04:01:31.665-05:00
    class vulnerability
    contributors
    • name J. Daniel Brown
      organization DTCC
    • name Chris Coffin
      organization The MITRE Corporation
    definition_extensions
    comment VMware ESX Server 4.0 is installed
    oval oval:org.mitre.oval:def:6293
    description ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
    family unix
    id oval:org.mitre.oval:def:7076
    status accepted
    submitted 2010-06-01T17:30:00.000-05:00
    title NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability
    version 8
redhat via4
advisories
  • bugzilla
    id 531213
    title CVE-2009-3563 ntpd: DoS with mode 7 packets (VU#568372)
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304001
      • comment ntp is earlier than 0:4.2.0.a.20040617-8.el4_8.1
        oval oval:com.redhat.rhsa:tst:20091648002
      • comment ntp is signed with Red Hat master key
        oval oval:com.redhat.rhsa:tst:20090046003
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • comment ntp is earlier than 0:4.2.2p1-9.el5_4.1
        oval oval:com.redhat.rhsa:tst:20091648005
      • comment ntp is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20090046006
    rhsa
    id RHSA-2009:1648
    released 2009-12-08
    severity Moderate
    title RHSA-2009:1648: ntp security update (Moderate)
  • bugzilla
    id 531213
    title CVE-2009-3563 ntpd: DoS with mode 7 packets (VU#568372)
    oval
    AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhba:tst:20070026001
    • comment ntp is earlier than 0:4.1.2-6.el3
      oval oval:com.redhat.rhsa:tst:20091651002
    • comment ntp is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20090046003
    rhsa
    id RHSA-2009:1651
    released 2009-12-08
    severity Moderate
    title RHSA-2009:1651: ntp security update (Moderate)
  • rhsa
    id RHSA-2010:0095
rpms
  • ntp-0:4.2.0.a.20040617-8.el4_8.1
  • ntp-0:4.2.2p1-9.el5_4.1
  • ntp-0:4.1.2-6.el3
refmap via4
aixapar
  • IZ68659
  • IZ71047
bid 37255
cert-vn VU#568372
confirm
debian DSA-1948
fedora
  • FEDORA-2009-13090
  • FEDORA-2009-13121
hp
  • HPSBUX02639
  • HPSBUX02859
  • SSRT100293
  • SSRT101144
mlist
  • [announce] 20091208 NTP 4.2.4p8 Released
  • [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates
netbsd NetBSD-SA2010-005
sectrack 1023298
secunia
  • 37629
  • 37922
  • 38764
  • 38794
  • 38832
  • 38834
  • 39593
sunalert 1021781
vupen
  • ADV-2010-0510
  • ADV-2010-0528
  • ADV-2010-0993
Last major update 19-09-2017 - 01:29
Published 09-12-2009 - 18:30
Back to Top