Executive Summary

Informations
NameCVE-2009-3563First vendor Publication2009-12-09
VendorCveLast vendor Modification2013-12-04

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:P)
Cvss Base Score6.4Attack RangeNetwork
Cvss Impact Score4.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:7076
 
Oval ID: oval:org.mitre.oval:def:7076
Title: NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability
Description: ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3563
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19376
 
Oval ID: oval:org.mitre.oval:def:19376
Title: HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code
Description: ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3563
Version: 5
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12141
 
Oval ID: oval:org.mitre.oval:def:12141
Title: AIX xntpd denial-of-service vulnerability
Description: ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3563
Version: 3
Platform(s): IBM AIX 5.3
IBM AIX 6.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11225
 
Oval ID: oval:org.mitre.oval:def:11225
Title: ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Description: ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3563
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23033
 
Oval ID: oval:org.mitre.oval:def:23033
Title: ELSA-2009:1648: ntp security update (Moderate)
Description: ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Family: unix Class: patch
Reference(s): ELSA-2009:1648-01
CVE-2009-3563
Version: 3
Platform(s): Oracle Linux 4
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application21

OpenVAS Exploits

DateDescription
2012-04-16Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates
File : nvt/gb_VMSA-2010-0009.nasl
2011-08-09Name : CentOS Update for ntp CESA-2009:1648 centos4 i386
File : nvt/gb_CESA-2009_1648_ntp_centos4_i386.nasl
2011-08-09Name : CentOS Update for ntp CESA-2009:1648 centos5 i386
File : nvt/gb_CESA-2009_1648_ntp_centos5_i386.nasl
2011-08-09Name : CentOS Update for ntp CESA-2009:1651 centos3 i386
File : nvt/gb_CESA-2009_1651_ntp_centos3_i386.nasl
2011-06-06Name : HP-UX Update for XNTP HPSBUX02639
File : nvt/gb_hp_ux_HPSBUX02639.nasl
2010-02-10Name : Debian Security Advisory DSA 1992-1 (chrony)
File : nvt/deb_1992_1.nasl
2010-01-11Name : FreeBSD Security Advisory (FreeBSD-SA-10:02.ntpd.asc)
File : nvt/freebsdsa_ntpd2.nasl
2010-01-07Name : Gentoo Security Advisory GLSA 201001-01 (ntp)
File : nvt/glsa_201001_01.nasl
2009-12-15Name : NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability
File : nvt/ntp_37255.nasl
2009-12-14Name : CentOS Security Advisory CESA-2009:1648 (ntp)
File : nvt/ovcesa2009_1648.nasl
2009-12-14Name : CentOS Security Advisory CESA-2009:1651 (ntp)
File : nvt/ovcesa2009_1651.nasl
2009-12-14Name : Fedora Core 12 FEDORA-2009-13046 (ntp)
File : nvt/fcore_2009_13046.nasl
2009-12-14Name : Fedora Core 11 FEDORA-2009-13090 (ntp)
File : nvt/fcore_2009_13090.nasl
2009-12-14Name : Fedora Core 10 FEDORA-2009-13121 (ntp)
File : nvt/fcore_2009_13121.nasl
2009-12-14Name : RedHat Security Advisory RHSA-2009:1648
File : nvt/RHSA_2009_1648.nasl
2009-12-14Name : RedHat Security Advisory RHSA-2009:1651
File : nvt/RHSA_2009_1651.nasl
2009-12-14Name : Debian Security Advisory DSA 1948-1 (ntp)
File : nvt/deb_1948_1.nasl
0000-00-00Name : Slackware Advisory SSA:2009-343-01 ntp
File : nvt/esoft_slk_ssa_2009_343_01.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
60847NTP ntpd Mode 7 Request Crafted Packet Reply Loop Remote DoS

Snort® IPS/IDS

DateDescription
2014-01-10ntp mode 7 denial of service attempt
RuleID : 16350 - Revision : 5 - Type : SERVER-OTHER

Metasploit Database

idDescription
2009-10-04 NTP.org ntpd Reserved Mode Denial of Service

Nessus® Vulnerability Scanner

DateDescription
2013-07-12Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2009-1648.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2009-1651.nasl - Type : ACT_GATHER_INFO
2013-05-19Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_42470.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IZ68659.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IZ71071.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IZ71093.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IZ71608.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IZ71610.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IZ71611.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IZ71613.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IZ71614.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing a security update.
File : sl_20091208_ntp_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2011-04-04Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_41177.nasl - Type : ACT_GATHER_INFO
2011-04-04Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_41907.nasl - Type : ACT_GATHER_INFO
2011-04-04Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_41908.nasl - Type : ACT_GATHER_INFO
2010-10-11Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_xntp-6718.nasl - Type : ACT_GATHER_INFO
2010-06-01Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2010-0009.nasl - Type : ACT_GATHER_INFO
2010-05-19Name : The remote AIX host is missing a vendor-supplied security patch.
File : aix_U832257.nasl - Type : ACT_GATHER_INFO
2010-03-05Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2010-0004.nasl - Type : ACT_GATHER_INFO
2010-02-25Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201001-01.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1948.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1992.nasl - Type : ACT_GATHER_INFO
2010-01-13Name : The remote SuSE system is missing a security patch for ntp
File : suse_11_1_ntp-091221.nasl - Type : ACT_GATHER_INFO
2010-01-13Name : The remote SuSE system is missing a security patch for ntp
File : suse_11_0_ntp-091211.nasl - Type : ACT_GATHER_INFO
2010-01-13Name : The remote SuSE system is missing a security patch for ntp
File : suse_11_2_ntp-091215.nasl - Type : ACT_GATHER_INFO
2010-01-13Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_ntp-091211.nasl - Type : ACT_GATHER_INFO
2009-12-21Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12559.nasl - Type : ACT_GATHER_INFO
2009-12-21Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_xntp-6719.nasl - Type : ACT_GATHER_INFO
2009-12-14Name : The remote Fedora host is missing a security update.
File : fedora_2009-13046.nasl - Type : ACT_GATHER_INFO
2009-12-14Name : The remote Fedora host is missing a security update.
File : fedora_2009-13090.nasl - Type : ACT_GATHER_INFO
2009-12-14Name : The remote Fedora host is missing a security update.
File : fedora_2009-13121.nasl - Type : ACT_GATHER_INFO
2009-12-14Name : The remote network time service has a denial of service vulnerability.
File : ntpd_mode7_ping_pong_dos.nasl - Type : ACT_GATHER_INFO
2009-12-11Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-343-01.nasl - Type : ACT_GATHER_INFO
2009-12-09Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2009-1648.nasl - Type : ACT_GATHER_INFO
2009-12-09Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2009-1651.nasl - Type : ACT_GATHER_INFO
2009-12-09Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-328.nasl - Type : ACT_GATHER_INFO
2009-12-09Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-867-1.nasl - Type : ACT_GATHER_INFO
2009-12-09Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-1648.nasl - Type : ACT_GATHER_INFO
2009-12-09Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-1651.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
AIXAPARhttp://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047
BIDhttp://www.securityfocus.com/bid/37255
CERT-VNhttp://www.kb.cert.org/vuls/id/568372
CONFIRMhttp://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074
http://security-tracker.debian.org/tracker/CVE-2009-3563
http://support.avaya.com/css/P8/documents/100071808
http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_N...
http://www.kb.cert.org/vuls/id/MAPG-7X7V6J
http://www.kb.cert.org/vuls/id/MAPG-7X7VD7
https://bugzilla.redhat.com/show_bug.cgi?id=531213
DEBIANhttp://www.debian.org/security/2009/dsa-1948
FEDORAhttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg0076...
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg0080...
HPhttp://marc.info/?l=bugtraq&m=136482797910018&w=2
http://marc.info/?l=bugtraq&m=136482797910018&w=2
MLISThttp://lists.vmware.com/pipermail/security-announce/2010/000082.html
NETBSDftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc
REDHAThttps://rhn.redhat.com/errata/RHSA-2009-1648.html
https://rhn.redhat.com/errata/RHSA-2009-1651.html
https://rhn.redhat.com/errata/RHSA-2010-0095.html
SECTRACKhttp://securitytracker.com/id?1023298
SECUNIAhttp://secunia.com/advisories/37629
http://secunia.com/advisories/37922
http://secunia.com/advisories/38764
http://secunia.com/advisories/38794
http://secunia.com/advisories/38832
http://secunia.com/advisories/38834
http://secunia.com/advisories/39593
SUNALERThttp://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1
VUPENhttp://www.vupen.com/english/advisories/2010/0510
http://www.vupen.com/english/advisories/2010/0528
http://www.vupen.com/english/advisories/2010/0993

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
DateInformations
2014-02-17 10:51:54
  • Multiple Updates
2014-01-19 21:26:13
  • Multiple Updates
2013-12-05 17:19:04
  • Multiple Updates
2013-06-05 13:19:28
  • Multiple Updates
2013-05-10 23:58:53
  • Multiple Updates