SOL9889 - NTP vulnerability CVE-2009-0021

ID SOL9889
Type f5
Reporter f5
Modified 2013-03-25T00:00:00



NTP may not properly check the return value from the OpenSSL EVP_VerifyFinal function, which may allow a remote attacker to bypass validation of the certificate chain by way of a malformed SSL/TLS signature for DSA and ECDSA keys.

Note: This is a similar vulnerability to CVE-2008-5077. For information about CVE-2008-5077, refer to SOL9762: OpenSSL vulnerability - CVE-2008-5077.

Information about this advisory is available at the following location:

Note: This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.


The FirePass, BIG-IP, and WebAccelerator products listed use a vulnerable version of NTP; however, these products are not subject to this vulnerability because, by default, these products do not use DSA and ECDSA certificates and keys for NTP.

F5 Product Development is tracking a change request to upgrade the NTP version used as CR115608 for FirePass and BIG-IP products.