K10905 : NTP vulnerability - CVE-2009-3563

Security Advisory Description

Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5 security vulnerability response policy.

F5 products and versions that _have been evaluated for _this Security Advisory

*1.2.0 - 1.8.0
*2.0.0

| 2.1.0
2.2.x
2.3.x
3.x
ARX| None| 2.x
3.x
4.x
5.x
6.x

*F5 Product Development has determined that these BIG-IP and Enterprise Manager versions use a vulnerable version of NTP. However, the vulnerable code is not used by default on these BIG-IP or Enterprise Manager systems. These products are only vulnerable if NTP was manually configured and enabled to be an update server.

Vulnerability description

An ntpd vulnerability in NTP allows a remote attacker to cause a denial of service (DOS).

Information about this advisory is available at the following location:

<https://vulners.com/cve/CVE-2009-3563&gt;

F5 Development tracked this issue as ID 241719 (Formerly CR131466) and it was fixed in BIG-IP 10.2.0. For information about upgrading, refer to the BIG-IP LTM, ASM, GTM, Link Controller, PSM, WebAccelerator, APM, WOM, or Edge Gateway release notes.