Lucene search

PRIOn knowledge basePRION:CVE-2009-3563

HistoryDec 09, 2009 - 6:30 p.m.

Code injection

2009-12-0918:30:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.963 High

EPSS

Percentile

99.5%

JSON

ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.

CPENameOperatorVersion
ntpeq<= 4.2.2p4
ntpeq4.2.2
ntpeq4.2.0
ntpeq4.0.98
ntpeq4.0.72
ntpeq4.0.90
ntpeq4.0.96
ntpeq4.0.93
ntpeq4.1.0
ntpeq4.1.2

Name	Operator	Version
ntp	eq	<= 4.2.2p4
ntp	eq	4.2.2
ntp	eq	4.2.0
ntp	eq	4.0.98
ntp	eq	4.0.72
ntp	eq	4.0.90
ntp	eq	4.0.96
ntp	eq	4.0.93
ntp	eq	4.1.0
ntp	eq	4.1.2

Rows per page:

1-10 of 211

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc

aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc

bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074

kb.juniper.net/InfoCenter/index?page=content&id=JSA10673

kb.juniper.net/InfoCenter/index?page=content&id=JSA10691

lists.vmware.com/pipermail/security-announce/2010/000082.html

secunia.com/advisories/37629

secunia.com/advisories/37922

secunia.com/advisories/38764

secunia.com/advisories/38794

secunia.com/advisories/38832

secunia.com/advisories/38834

secunia.com/advisories/39593

security-tracker.debian.org/tracker/CVE-2009-3563

securitytracker.com/id?1023298

sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1

support.avaya.com/css/P8/documents/100071808

support.ntp.org/bin/view/Main/SecurityNotice

www-01.ibm.com/support/docview.wss?uid=isg1IZ68659

www-01.ibm.com/support/docview.wss?uid=isg1IZ71047

www.debian.org/security/2009/dsa-1948

www.kb.cert.org/vuls/id/568372

www.kb.cert.org/vuls/id/MAPG-7X7V6J

www.kb.cert.org/vuls/id/MAPG-7X7VD7

www.securityfocus.com/bid/37255

www.vupen.com/english/advisories/2010/0510

www.vupen.com/english/advisories/2010/0528

www.vupen.com/english/advisories/2010/0993

bugzilla.redhat.com/show_bug.cgi?id=531213

lists.ntp.org/pipermail/announce/2009-December/000086.html

marc.info/?l=bugtraq&m=130168580504508&w=2

marc.info/?l=bugtraq&m=136482797910018&w=2

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076

rhn.redhat.com/errata/RHSA-2009-1648.html

rhn.redhat.com/errata/RHSA-2009-1651.html

rhn.redhat.com/errata/RHSA-2010-0095.html

support.ntp.org/bugs/show_bug.cgi?id=1331

www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html

www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html

6.6 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.963 High

EPSS

Percentile

99.5%

JSON

Related for PRION:CVE-2009-3563