Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:15050
HistoryDec 12, 2009 - 12:00 a.m.

NTP MODE_PRIVATE报文远程拒绝服务漏洞

2009-12-1200:00:00
Root
www.seebug.org
22

0.966 High

EPSS

Percentile

99.5%

JSON

BUGTRAQ ID: 37255
CVE ID: CVE-2009-3563

NTP(Network Time Protocol)是用于通过网络同步计算机时钟的协议。

ntpdc查询和控制工具使用NTP模式7(MODE_PRIVATE),ntpq使用NTP模式6(MODE_CONTROL),而例程NTP时间传输使用模式1到5。在从非restrict … noquery或restrict … ignore网段所列出的地址接收到错误的模式7请求或模式7错误响应时,ntpd会回复模式7出错响应并记录一条消息日志。如果攻击者能够在发送给主机 B的模式7响应报文中伪造ntpd主机A的源地址,则只要报文还可以通过主机A和B都会连续的向彼此发送出错响应;如果攻击者可以在发送给ntpd主机A 的模式7响应报文中伪造ntpd主机A的地址,主机A就会无限的响应其本身,耗尽CPU资源并生成过多日志。

University of Delaware NTP 4.2.x
临时解决方法:

  • 使用ntp.conf配置文件的restrict … noquery或restrict … ignore选项限制源地址。
  • 过滤指定了源和目标端口123的NTP模式7报文。

厂商补丁:

Debian

Debian已经为此发布了一个安全公告(DSA-1948-1)以及相应补丁:
DSA-1948-1:New ntp packages fix denial of service
链接:http://www.debian.org/security/2009/dsa-1948

补丁下载:

Source archives:

http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4.dsc
Size/MD5 checksum: 906 115e93f010e32aa1c90231461487503a
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg.orig.tar.gz
Size/MD5 checksum: 2199764 ad746cda2d90dbb9ed06fe164273c5d0
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4.diff.gz
Size/MD5 checksum: 182632 80aa236bd0a39096c5e5d462c0b9b279

Architecture independent packages:

http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.2.p4+dfsg-2etch4_all.deb
Size/MD5 checksum: 28596 df605f89c08a01116c2ff799777f6a2c
http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.2.p4+dfsg-2etch4_all.deb
Size/MD5 checksum: 28594 0c683ac7e7f5b131515f956aed87de3d
http://security.debian.org/pool/updates/main/n/ntp/ntp-doc_4.2.2.p4+dfsg-2etch4_all.deb
Size/MD5 checksum: 912886 1af5a623cbf5f145f34dab7beefcd183

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_alpha.deb
Size/MD5 checksum: 408070 ca33235c58a26ad1a839084b4f2d385c
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_alpha.deb
Size/MD5 checksum: 65056 e527eb4c93d427c025374805fb5288cb

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_amd64.deb
Size/MD5 checksum: 62258 13a4f4faaf699913e421c093e598f2a9
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_amd64.deb
Size/MD5 checksum: 359384 1a289aa1f8439e2ef736cbf29bbe140f

arm architecture (ARM)

http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_arm.deb
Size/MD5 checksum: 59784 8a84cae4e8f643cbd3ed684e5a7eb0ff
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_arm.deb
Size/MD5 checksum: 344316 57066e8abfdf51c36d63600c993f3c20

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_hppa.deb
Size/MD5 checksum: 372448 0b8f9b90bb03a2f572066fe8b47c7202
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_hppa.deb
Size/MD5 checksum: 62160 88dc964fa357187ddc97d37513a863ba

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_i386.deb
Size/MD5 checksum: 58316 90fc92e7a8f6582ee21076849ae0dfba
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_i386.deb
Size/MD5 checksum: 333772 e5fbae24686d444fff118f3ce9cc45db

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_ia64.deb
Size/MD5 checksum: 523358 0032e3c9bcb4a27a312a47fb95d1f9a1
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_ia64.deb
Size/MD5 checksum: 74712 72c1b601f4beb41c6c04a54534ba9c51

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_mips.deb
Size/MD5 checksum: 382868 2980d63a9ca6344e6a76698d0e808f8c
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_mips.deb
Size/MD5 checksum: 63610 d523930b9b98d6353bf4e6fb7d7e57f5

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_mipsel.deb
Size/MD5 checksum: 64134 e4042de5af081701911a7cece69c6cce
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_mipsel.deb
Size/MD5 checksum: 390142 b50dc2bd5970f224b6994c460f8f560a

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_powerpc.deb
Size/MD5 checksum: 358860 432b58ad621ac266455f7e5124d2eb1c
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_powerpc.deb
Size/MD5 checksum: 61760 2c9dd1b3a8d61bece4f420e533b7a6eb

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_s390.deb
Size/MD5 checksum: 350300 40a28748d5016101c179bd4a22c08390
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_s390.deb
Size/MD5 checksum: 61242 14c08344bfd0561ced0d54aa2cd23a2e

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_sparc.deb
Size/MD5 checksum: 58584 0e573ef22b1514b12e01fa6ac2bb1ddb
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_sparc.deb
Size/MD5 checksum: 332284 4589ff44bc97ad73513d8ba5419c7845

Debian GNU/Linux 5.0 alias lenny

Debian (stable)

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3.dsc
Size/MD5 checksum: 1459 81e70fe84f27e3bfabdbfb9f3122492b
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz
Size/MD5 checksum: 2835029 dc2b3ac9cc04b0f29df35467514c9884
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3.diff.gz
Size/MD5 checksum: 300928 b568f39eda3e46f27239ad44021f968c

Architecture independent packages:

http://security.debian.org/pool/updates/main/n/ntp/ntp-doc_4.2.4p4+dfsg-8lenny3_all.deb
Size/MD5 checksum: 927658 8db03976b7b105057ead2da4bae09219

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_alpha.deb
Size/MD5 checksum: 66706 9213dcba9a99fa363f0ce48c514a008b
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_alpha.deb
Size/MD5 checksum: 538492 de37b288ef933f34446ab78a8d8ed76b

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_amd64.deb
Size/MD5 checksum: 63836 a0b5b030abe6a6c32591366febcec1d1
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_amd64.deb
Size/MD5 checksum: 479472 277efe45a76a24da6ca14ae581d0a3a2

arm architecture (ARM)

http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_arm.deb
Size/MD5 checksum: 61220 d4905eea52795330e517acca903059f4
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_arm.deb
Size/MD5 checksum: 448164 cc28e545eb359eba225abfcb02cc4377

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_armel.deb
Size/MD5 checksum: 62794 e5a43b8076a77643cc742348f0e63de1
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_armel.deb
Size/MD5 checksum: 458908 3721b8d7b7a67b31db6249521dd9f015

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_hppa.deb
Size/MD5 checksum: 63872 53a7009f1888c06b162c258a9bb5d6fb
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_hppa.deb
Size/MD5 checksum: 485744 b8e950ba02a13ecacfe332db56c0c887

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_i386.deb
Size/MD5 checksum: 434672 6ccfb060f39cc56f39ef8806865b767d
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_i386.deb
Size/MD5 checksum: 60114 2f0914ae2191ddf3f74529bc896299da

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_ia64.deb
Size/MD5 checksum: 707812 eb960c732894d56589ba62d76c5ba568
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_ia64.deb
Size/MD5 checksum: 76366 6b5b986e454276661e8b483f095bd16e

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_mips.deb
Size/MD5 checksum: 64116 ab287c70d2c2daf7b1a8808db8dcedc9
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_mips.deb
Size/MD5 checksum: 490394 0009cb5333123767dc3afcde682d9e10

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_mipsel.deb
Size/MD5 checksum: 500786 3b842b738e616f301c31cd025c595235
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_mipsel.deb
Size/MD5 checksum: 64776 fd31cdaa7a78d7e3fa072b746dd98e01

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_powerpc.deb
Size/MD5 checksum: 490620 21d03b435c327c2884fe587a56fe10fb
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_powerpc.deb
Size/MD5 checksum: 65470 6966f71002ae63c104e608af1a7daa3a

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_s390.deb
Size/MD5 checksum: 63678 4b143ad2444681bdb1ee44d395996a29
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_s390.deb
Size/MD5 checksum: 474000 6fb44a33381b0d582599eb33896d8f0f

补丁安装方法:

  1. 手工安装补丁包:

首先,使用下面的命令来下载补丁软件:

wget url (url是补丁下载链接地址)

然后,使用下面的命令来安装补丁:

dpkg -i file.deb (file是相应的补丁名)

  1. 使用apt-get自动安装补丁包:

    首先,使用下面的命令更新内部数据库:

    apt-get update

    然后,使用下面的命令安装更新软件包:

    apt-get upgrade

RedHat

RedHat已经为此发布了一个安全公告(RHSA-2009:1648-01)以及相应补丁:
RHSA-2009:1648-01:Moderate: ntp security update
链接:https://www.redhat.com/support/errata/RHSA-2009-1648.html

University of Delaware

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.ntp.org/downloads.html

Related

f5 3
openvas 38
nessus 51
veracode 1
securityvulns 3
debian 2
redhat 3
cert 2
gentoo 1
cisco 1
freebsd_advisory 1
fedora 3
prion 2
ubuntucve 2
debiancve 2
centos 2
checkpoint_advisories 2
oraclelinux 2
slackware 1
cve 2
ubuntu 1
redhatcve 1
osv 1
vmware 4
f5
f5
SOL10905 - NTP vulnerability - CVE-2009-3563
2010-01-04 00:00:00
K000139026 : NTP vulnerability CVE-2009-3563
2024-03-25 00:00:00
K10905 : NTP vulnerability - CVE-2009-3563
2013-07-05 00:00:00
openvas
openvas
FreeBSD Security Advisory (FreeBSD-SA-10:02.ntpd.asc)
2010-01-11 00:00:00
Slackware Advisory SSA:2009-343-01 ntp
2012-09-11 00:00:00
Debian Security Advisory DSA 1948-1 (ntp)
2009-12-14 00:00:00
nessus
nessus
Solaris 10 (sparc) : 143725-01
2018-03-12 00:00:00
AIX 6.1 TL 2 : xntpd (IZ71613)
2013-01-24 00:00:00
AIX 5.3 TL 11 : xntpd (IZ71610)
2013-01-24 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:42:01
securityvulns
securityvulns
ntp server DoS
2009-12-09 00:00:00
[USN-867-1] Ntp vulnerability
2009-12-09 00:00:00
[SECURITY] [DSA 1992-1] New chrony packages fix denial of service
2010-02-05 00:00:00
debian
debian
[SECURITY] [DSA 1948-1] New ntp packages fix denial of service
2009-12-08 19:07:15
[SECURITY] [DSA 1992-1] New chrony packages fix denial of service
2010-02-04 17:38:45
redhat
redhat
(RHSA-2009:1648) Moderate: ntp security update
2009-12-08 00:00:00
(RHSA-2009:1651) Moderate: ntp security update
2009-12-08 00:00:00
(RHSA-2010:0095) Important: rhev-hypervisor security and bug fix update
2010-02-09 00:00:00
cert
cert
NTP mode 7 denial-of-service vulnerability
2009-12-08 00:00:00
Implementations of UDP-based application protocols are vulnerable to network loops
2024-03-19 00:00:00
gentoo
gentoo
NTP: Denial of service
2010-01-03 00:00:00
cisco
cisco
Network Time Protocol Package Remote Message Loop Denial of Service Vulnerability
2009-12-08 22:33:40
freebsd_advisory
freebsd_advisory
FreeBSD-SA-10:02.ntpd
2010-01-06 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: ntp-4.2.4p8-1.fc12
2009-12-11 18:14:28
[SECURITY] Fedora 11 Update: ntp-4.2.4p7-3.fc11
2009-12-11 18:23:49
[SECURITY] Fedora 10 Update: ntp-4.2.4p7-2.fc10
2009-12-11 18:32:53
prion
prion
Code injection
2009-12-09 18:30:00
Sql injection
2010-02-08 20:30:00
ubuntucve
ubuntucve
CVE-2009-3563
2009-12-08 00:00:00
CVE-2010-0292
2010-02-08 00:00:00
debiancve
debiancve
CVE-2009-3563
2009-12-09 18:30:00
CVE-2010-0292
2010-02-08 20:30:00
centos
centos
ntp security update
2009-12-08 22:33:14
ntp security update
2009-12-08 22:18:02
checkpoint_advisories
checkpoint_advisories
Update Protection against Multiple Vendors NTP Mode 7 Denial of Service
2009-01-25 00:00:00
Multiple Vendors NTP Mode 7 Denial of Service (CVE-2009-3563)
2010-02-02 00:00:00
oraclelinux
oraclelinux
ntp security update
2009-12-08 00:00:00
ntp security update
2009-12-08 00:00:00
slackware
slackware
[slackware-security] ntp
2009-12-10 08:39:43
cve
cve
CVE-2009-3563
2009-12-09 18:30:00
CVE-2010-0292
2010-02-08 20:30:00
ubuntu
ubuntu
Ntp vulnerability
2009-12-08 00:00:00
redhatcve
redhatcve
CVE-2024-2169
2024-04-02 20:21:52
osv
osv
chrony - denial of service
2010-02-04 00:00:00
vmware
vmware
ESX Service Console and vMA third party updates
2010-03-03 00:00:00
ESX Service Console and vMA third party updates
2010-03-03 00:00:00
ESXi utilities and ESX Service Console third party updates
2010-05-27 00:00:00

0.966 High

EPSS

Percentile

99.5%

JSON
Related for SSV:15050
f53openvas38nessus51veracode1securityvulns3debian2redhat3cert2gentoo1cisco1freebsd_advisory1fedora3prion2ubuntucve2debiancve2centos2checkpoint_advisories2oraclelinux2slackware1cve2ubuntu1redhatcve1osv1vmware4