CVE Vulnerabilities

CVE-2009-3563

Published: Dec 09, 2009 | Modified: Sep 19, 2017
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 6.4 MEDIUM (AV:N/AC:L/Au:N/C:N/I:P/A:P)
RedHat/V2: 5 MODERATE (AV:N/AC:L/Au:N/C:N/I:N/A:P)
RedHat/V3
Ubuntu: MEDIUM

ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ntp | Ntp | * | 4.2.2p4 (including) |
| Ntp | Ntp | 4.0.72 (including) | 4.0.72 (including) |
| Ntp | Ntp | 4.0.73 (including) | 4.0.73 (including) |
| Ntp | Ntp | 4.0.90 (including) | 4.0.90 (including) |
| Ntp | Ntp | 4.0.91 (including) | 4.0.91 (including) |
| Ntp | Ntp | 4.0.92 (including) | 4.0.92 (including) |
| Ntp | Ntp | 4.0.93 (including) | 4.0.93 (including) |
| Ntp | Ntp | 4.0.94 (including) | 4.0.94 (including) |
| Ntp | Ntp | 4.0.95 (including) | 4.0.95 (including) |
| Ntp | Ntp | 4.0.96 (including) | 4.0.96 (including) |
| Ntp | Ntp | 4.0.97 (including) | 4.0.97 (including) |
| Ntp | Ntp | 4.0.98 (including) | 4.0.98 (including) |
| Ntp | Ntp | 4.0.99 (including) | 4.0.99 (including) |
| Ntp | Ntp | 4.1.0 (including) | 4.1.0 (including) |
| Ntp | Ntp | 4.1.2 (including) | 4.1.2 (including) |
| Ntp | Ntp | 4.2.0 (including) | 4.2.0 (including) |
| Ntp | Ntp | 4.2.2 (including) | 4.2.2 (including) |
| Ntp | Ntp | 4.2.2p1 (including) | 4.2.2p1 (including) |
| Ntp | Ntp | 4.2.2p2 (including) | 4.2.2p2 (including) |
| Ntp | Ntp | 4.2.2p3 (including) | 4.2.2p3 (including) |
| Ntp | Ntp | 4.2.5 (including) | 4.2.5 (including) |
| Red Hat Enterprise Linux 3 | RedHat | ntp-0:4.1.2-6.el3 | * |
| Red Hat Enterprise Linux 4 | RedHat | ntp-0:4.2.0.a.20040617-8.el4_8.1 | * |
| Red Hat Enterprise Linux 5 | RedHat | ntp-0:4.2.2p1-9.el5_4.1 | * |
| Ntp | Ubuntu | dapper | * |
| Ntp | Ubuntu | devel | * |
| Ntp | Ubuntu | hardy | * |
| Ntp | Ubuntu | intrepid | * |
| Ntp | Ubuntu | jaunty | * |
| Ntp | Ubuntu | karmic | * |
| Ntp | Ubuntu | upstream | * |
