CVE-2009-3563

Executive Summary

Informations
Name	CVE-2009-3563	First vendor Publication	2009-12-09
Vendor	Cve	Last vendor Modification	2011-07-18

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:P)
Cvss Base Score	6.4	Attack Range	Network
Cvss Impact Score	4.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:7076

Oval ID:	oval:org.mitre.oval:def:7076
Title:	NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability
Description:	ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3563	Version:	3
Platform(s):	VMWare ESX Server 4	Product(s):
Definition Synopsis:
VMware ESX Server 4.0 is installed AND Patch ESX400-201005404-SG is not installed

Definition Id: oval:org.mitre.oval:def:12141

Oval ID:	oval:org.mitre.oval:def:12141
Title:	AIX xntpd denial-of-service vulnerability
Description:	ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3563	Version:	3
Platform(s):	IBM AIX 5.3 IBM AIX 6.1	Product(s):
Definition Synopsis:
OS 5.3.08 check IBM AIX 5300-08 is installed AND Fileset bos.net.tcp.client is greater than or equal 5.3.8.0 AND bos.net.tcp.client is less than or equal to 5.3.8.11 AND NOT APAR IZ68659 is installed OR OS 5.3.9 version check IBM AIX 5300-09 is installed AND Fileset bos.net.tcp.client is greater than or equal 5.3.9.0 AND Fileset bos.net.tcp.client is less than or equal to 5.3.9.7 AND NOT APAR IZ71093 is installed OR OS 5.3.10 version check NOT APR IZ71608 is installed AND Version of IBM AIX installed is 5300-10 AND Fileset bos.net.tcp.client is greater than or equal to 5.3.10.0 AND Fileset bos.net.tcp.client is less than or equal to 5.3.10.2 OR OS 5.3.11 version check IBM AIX installed is 5300-11 AND NOT APAR IZ71610 is installed AND Fileset bos.net.tcp.client is greater than or equal to version 5.3.11.0 AND Fileset bos.net.tcp.client is less than or equal to 5.3.11.2 OR OS 6.1.1 version check IBM AIX 6100-01 is installed AND NOT APAR IZ71611 is installed AND Fileset bos.net.tcp.client is greater than or equal 6.1.1.0 AND Fileset bos.net.tcp.client is less than or equal to 6.1.1.7 OR OS 6.1.2 version check IBM AIX 6100-02 is installed AND NOT APAR IZ71613 is installed AND Fileset bos.net.tcp.client is greater than or equal 6.1.2.0 AND Fileset bos.net.tcp.client is less than or equal to 6.1.2.6 OR OS 6.1.3 version check IBM AIX 6100-03 is installed AND NOT APAR IZ71614 is installed AND Fileset bos.net.tcp.client is greater than or equal to 6.1.3.0 AND Fileset bos.net.tcp.client is less than or equal to 6.1.3.3 OR OS 6.1.4 version check IBM AIX 6100-04 is installed AND NOT APAR IZ71614 is installed AND Fileset bos.net.tcp.client is greater than or equal to 6.1.4.0 AND Fileset bos.net.tcp.client is less than or equal to 6.1.4.3

Definition Id: oval:org.mitre.oval:def:11225

Oval ID:	oval:org.mitre.oval:def:11225
Title:	ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Description:	ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3563	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND ntp is earlier than 0:4.1.2-6.el3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND ntp is earlier than 0:4.2.0.a.20040617-8.el4_8.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND ntp is earlier than 0:4.2.2p1-9.el5_4.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Ntp Ntp cpe:/a:ntp:ntp:4.2.5 cpe:/a:ntp:ntp:4.2.2p4 cpe:/a:ntp:ntp:4.2.2p3 cpe:/a:ntp:ntp:4.2.2p2 cpe:/a:ntp:ntp:4.2.2p1 cpe:/a:ntp:ntp:4.2.2 cpe:/a:ntp:ntp:4.2.0 cpe:/a:ntp:ntp:4.1.2 cpe:/a:ntp:ntp:4.1.0 cpe:/a:ntp:ntp:4.0.99 cpe:/a:ntp:ntp:4.0.98 cpe:/a:ntp:ntp:4.0.97 cpe:/a:ntp:ntp:4.0.96 cpe:/a:ntp:ntp:4.0.95 cpe:/a:ntp:ntp:4.0.94 cpe:/a:ntp:ntp:4.0.93 cpe:/a:ntp:ntp:4.0.92 cpe:/a:ntp:ntp:4.0.91 cpe:/a:ntp:ntp:4.0.90 cpe:/a:ntp:ntp:4.0.73 cpe:/a:ntp:ntp:4.0.72	21

Open Source Vulnerability Database (OSVDB)

id	Description
60847	NTP ntpd Mode 7 Request Crafted Packet Reply Loop Remote DoS

Metasploit Database

id	Description
2009-10-04	NTP.org ntpd Reserved Mode Denial of Service

Internal Sources (Detail)

Source	Url
AIXAPAR	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659 http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047
BID	http://www.securityfocus.com/bid/37255
CERT-VN	http://www.kb.cert.org/vuls/id/568372
CONFIRM	http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074 http://security-tracker.debian.org/tracker/CVE-2009-3563 http://support.avaya.com/css/P8/documents/100071808 http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_N... http://www.kb.cert.org/vuls/id/MAPG-7X7V6J http://www.kb.cert.org/vuls/id/MAPG-7X7VD7 https://bugzilla.redhat.com/show_bug.cgi?id=531213
DEBIAN	http://www.debian.org/security/2009/dsa-1948
FEDORA	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg0076... https://www.redhat.com/archives/fedora-package-announce/2009-December/msg0080...
MLIST	http://lists.vmware.com/pipermail/security-announce/2010/000082.html
NETBSD	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc
REDHAT	https://rhn.redhat.com/errata/RHSA-2009-1648.html https://rhn.redhat.com/errata/RHSA-2009-1651.html https://rhn.redhat.com/errata/RHSA-2010-0095.html
SECTRACK	http://securitytracker.com/id?1023298
SECUNIA	http://secunia.com/advisories/37629 http://secunia.com/advisories/37922 http://secunia.com/advisories/38764 http://secunia.com/advisories/38794 http://secunia.com/advisories/38832 http://secunia.com/advisories/38834 http://secunia.com/advisories/39593
SUNALERT	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1
VUPEN	http://www.vupen.com/english/advisories/2010/0510 http://www.vupen.com/english/advisories/2010/0528 http://www.vupen.com/english/advisories/2010/0993

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-10 23:58:53	Multiple Updates

Type	Count
Oval ID(s)	3
CPE ID(s)	21
osvdb(s)	1
Metasploit Exploit(s)	1

Related	Severity
VMSA-2010-0009	(Critical)
VMSA-2010-0004	(Critical)
RHSA-2009:1651	(Medium)
HPSBUX02859 SSR...	(Medium)
HPSBOV02497 SSR...	(Medium)
VU#568372	(Medium)
USN-867-1	(Medium)
SUN-275590	(Medium)
RHSA-2009:1648	(Medium)
MDVSA-2009:328	(Medium)
HPSBUX02639 SSR...	(Medium)
HPSBTU02496 SSR...	(Medium)
GLSA-201001-01	(Medium)
DSA-1992	(Medium)
DSA-1948	(Medium)