CVE-2009-3563
First published: Tue Oct 27 2009(Updated: )
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/ntp | <0:4.1.2-6.el3 | 0:4.1.2-6.el3 |
| redhat/ntp | <0:4.2.0.a.20040617-8.el4_8.1 | 0:4.2.0.a.20040617-8.el4_8.1 |
| redhat/ntp | <0:4.2.2p1-9.el5_4.1 | 0:4.2.2p1-9.el5_4.1 |
| NTP | <=4.2.2p4 | |
| NTP | =4.0.72 | |
| NTP | =4.0.73 | |
| NTP | =4.0.90 | |
| NTP | =4.0.91 | |
| NTP | =4.0.92 | |
| NTP | =4.0.93 | |
| NTP | =4.0.94 | |
| NTP | =4.0.95 | |
| NTP | =4.0.96 | |
| NTP | =4.0.97 | |
| NTP | =4.0.98 | |
| NTP | =4.0.99 | |
| NTP | =4.1.0 | |
| NTP | =4.1.2 | |
| NTP | =4.2.0 | |
| NTP | =4.2.2 | |
| NTP | =4.2.2p1 | |
| NTP | =4.2.2p2 | |
| NTP | =4.2.2p3 | |
| NTP | =4.2.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=366233&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=366233&action=edit
- https://lists.ntp.org/pipermail/announce/2009-December/000086.html
- https://support.ntp.org/bugs/show_bug.cgi?id=1331
- https://rhn.redhat.com/errata/RHSA-2009-1648.html
- https://rhn.redhat.com/errata/RHSA-2009-1651.html
- http://admin.fedoraproject.org/updates/ntp-4.2.4p8-1.fc12
- http://admin.fedoraproject.org/updates/ntp-4.2.4p7-3.fc11
- http://admin.fedoraproject.org/updates/ntp-4.2.4p7-2.fc10
- https://bugzilla.redhat.com/show_bug.cgi?id=531213
- https://www.cve.org/CVERecord?id=CVE-2009-3563 https://nvd.nist.gov/vuln/detail/CVE-2009-3563
- https://access.redhat.com/errata/RHSA-2009:1651
- https://access.redhat.com/errata/RHSA-2009:1648
- https://access.redhat.com/security/cve/CVE-2009-3563
- http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691
- http://lists.vmware.com/pipermail/security-announce/2010/000082.html
- http://marc.info/?l=bugtraq&m=130168580504508&w=2
- http://marc.info/?l=bugtraq&m=136482797910018&w=2
- http://secunia.com/advisories/37629
- http://secunia.com/advisories/37922
- http://secunia.com/advisories/38764
- http://secunia.com/advisories/38794
- http://secunia.com/advisories/38832
- http://secunia.com/advisories/38834
- http://secunia.com/advisories/39593
- http://security-tracker.debian.org/tracker/CVE-2009-3563
- http://securitytracker.com/id?1023298
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1
- http://support.avaya.com/css/P8/documents/100071808
- http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode
- http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659
- http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047
- http://www.debian.org/security/2009/dsa-1948
- http://www.kb.cert.org/vuls/id/568372
- http://www.kb.cert.org/vuls/id/MAPG-7X7V6J
- http://www.kb.cert.org/vuls/id/MAPG-7X7VD7
- http://www.securityfocus.com/bid/37255
- http://www.vupen.com/english/advisories/2010/0510
- http://www.vupen.com/english/advisories/2010/0528
- http://www.vupen.com/english/advisories/2010/0993
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076
- https://rhn.redhat.com/errata/RHSA-2010-0095.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html
- https://www.kb.cert.org/vuls/id/417980
Frequently Asked Questions
What is the severity of CVE-2009-3563?
CVE-2009-3563 has a severity rating that indicates a denial of service vulnerability due to CPU and bandwidth consumption.
How do I fix CVE-2009-3563?
To fix CVE-2009-3563, upgrade to NTP versions that are patched—specifically 4.2.4p8 or later.
What software is affected by CVE-2009-3563?
CVE-2009-3563 affects various versions of the NTP daemon, specifically those prior to 4.2.4p8 and 4.2.5.
What type of attack does CVE-2009-3563 exploit?
CVE-2009-3563 exploits a vulnerability that allows remote attackers to send spoofed requests causing excessive resource consumption.
Is there a workaround for CVE-2009-3563 if I cannot upgrade?
If upgrading is not possible, restricting access to NTP services or implementing firewall rules may mitigate the risk associated with CVE-2009-3563.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/severity
- agent/weakness
- agent/references
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-3563
- agent/author
- agent/softwarecombine
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-historical
- package-manager/redhat
- vendor/ntp
- canonical/ntp
- version/ntp/4.2.2p4
- version/ntp/4.0.72
- version/ntp/4.0.73
- version/ntp/4.0.90
- version/ntp/4.0.91
- version/ntp/4.0.92
- version/ntp/4.0.93
- version/ntp/4.0.94
- version/ntp/4.0.95
- version/ntp/4.0.96
- version/ntp/4.0.97
- version/ntp/4.0.98
- version/ntp/4.0.99
- version/ntp/4.1.0
- version/ntp/4.1.2
- version/ntp/4.2.0
- version/ntp/4.2.2
- version/ntp/4.2.2p1
- version/ntp/4.2.2p2
- version/ntp/4.2.2p3
- version/ntp/4.2.5