SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2009-3563

Date: (C)2009-12-09 (M)2024-03-26

ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.4
Exploit Score: 10.0
Impact Score: 4.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: PARTIAL

Reference:

SUNALERT-1021781

SECTRACK-1023298

FEDORA-2009-13090

FEDORA-2009-13121

NetBSD-SA2010-005

https://lists.ntp.org/pipermail/announce/2009-December/000086.html

http://lists.vmware.com/pipermail/security-announce/2010/000082.html

http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691

http://security-tracker.debian.org/tracker/CVE-2009-3563

http://support.avaya.com/css/P8/documents/100071808

http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode

http://www.kb.cert.org/vuls/id/MAPG-7X7V6J

http://www.kb.cert.org/vuls/id/MAPG-7X7VD7

https://bugzilla.redhat.com/show_bug.cgi?id=531213

https://support.ntp.org/bugs/show_bug.cgi?id=1331

oval:org.mitre.oval:def:11225

oval:org.mitre.oval:def:12141

oval:org.mitre.oval:def:19376

oval:org.mitre.oval:def:7076

oval:org.secpod.oval:def:300685
oval:org.secpod.oval:def:600276
oval:org.secpod.oval:def:600026
oval:org.secpod.oval:def:202075
...

© SecPod Technologies