Vulnerability Description
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ntp | Ntp | <= 4.2.2p4 |
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc
- http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691
- http://lists.vmware.com/pipermail/security-announce/2010/000082.html
- http://marc.info/?l=bugtraq&m=130168580504508&w=2
- http://marc.info/?l=bugtraq&m=136482797910018&w=2
- http://secunia.com/advisories/37629
- http://secunia.com/advisories/37922
- http://secunia.com/advisories/38764
- http://secunia.com/advisories/38794
- http://secunia.com/advisories/38832
- http://secunia.com/advisories/38834
- http://secunia.com/advisories/39593
FAQ
What is CVE-2009-3563?
CVE-2009-3563 is a vulnerability with a CVSS score of 6.4 (MEDIUM). ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) ...
How severe is CVE-2009-3563?
CVE-2009-3563 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-3563?
Check the references section above for vendor advisories and patch information. Affected products include: Ntp Ntp.