Vulnerability Name:

CVE-2009-3563 (CCN-54650)

Assigned:2009-12-08
Published:2009-12-08
Updated:2017-09-19
Summary:ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (REDHAT CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: NETBSD
Type: UNKNOWN
NetBSD-SA2010-005

Source: CONFIRM
Type: UNKNOWN
http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc

Source: CONFIRM
Type: UNKNOWN
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074

Source: MITRE
Type: CNA
CVE-2009-3563

Source: CCN
Type: HP Security Bulletin HPSBTU02496 SSRT090245
HP Tru64 UNIX Running NTP, Denial of Service (DoS)

Source: CCN
Type: HP Security Bulletin HPSBOV02497 SSRT090245 rev.1
HP TCP/IP Services for OpenVMS Running NTP, Remote Execution of Arbitrary Code, Denial of Service (DoS)

Source: CONFIRM
Type: UNKNOWN
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673

Source: CONFIRM
Type: UNKNOWN
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691

Source: CCN
Type: VMware Security Announcements
VMSA-2010-0004 ESX Service Console and vMA third party updates

Source: MLIST
Type: UNKNOWN
[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates

Source: CCN
Type: VMSA-2010-0009
ESXi utilities and ESX Service Console third party updates

Source: HP
Type: UNKNOWN
HPSBUX02639

Source: HP
Type: UNKNOWN
SSRT101144

Source: CCN
Type: RHSA-2009-1648
Moderate: ntp security update

Source: CCN
Type: RHSA-2009-1651
Moderate: ntp security update

Source: CCN
Type: SA37629
NTP Mode 7 Request Denial of Service

Source: SECUNIA
Type: UNKNOWN
37629

Source: CCN
Type: SA37871
Nortel CS1000 NTP Mode 7 Request Denial of Service

Source: CCN
Type: SA37922
Avaya Products Two Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
37922

Source: CCN
Type: SA38009
Sun Solaris NTP Mode 7 Request Denial of Service

Source: CCN
Type: SA38038
F5 Products NTP Mode 7 Request Denial of Service

Source: CCN
Type: SA38421
Avaya CMS Solaris NTP Mode 7 Request Denial of Service

Source: CCN
Type: SA38764
IBM AIX NTP Mode 7 Request Denial of Service

Source: SECUNIA
Type: UNKNOWN
38764

Source: CCN
Type: SA38794
VMware vMA Update for Multiple Packages

Source: SECUNIA
Type: UNKNOWN
38794

Source: CCN
Type: SA38832
VMware ESX Server Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
38832

Source: CCN
Type: SA38834
VMware ESX Server 4 Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
38834

Source: CCN
Type: SA39066
HP TCP/IP Services for OpenVMS NTP Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
39593

Source: CCN
Type: SA39920
VMware vMA kernel Multiple Vulnerabilities

Source: CCN
Type: SA39972
VMware ESXi ntp Mode 7 Request Denial of Service

Source: CCN
Type: SA39973
VMware ESX Multiple krb5 Vulnerabilities

Source: CCN
Type: SA39974
VMware ESX GCC libtool Search Path Privilege Escalation Security Issue

Source: CCN
Type: SA39975
VMware ESX gzip unlzw() Integer Underflow Vulnerability

Source: CCN
Type: SA39976
VMware vMA OpenSSL CRYPTO_free_all_ex_data() Memory Leak Vulnerability

Source: CCN
Type: SA39977
VMware vMA Multiple krb5 Vulnerabilities

Source: CCN
Type: SA39979
VMware vMA GCC libtool Search Path Privilege Escalation Security Issue

Source: CCN
Type: SA39980
VMware vMA gzip unlzw() Integer Underflow Vulnerability

Source: CCN
Type: SA39981
VMware vMA sudo Privilege Escalation Security Issues

Source: CCN
Type: SA41697
HP Tru64 UNIX NTP Mode 7 Request Denial of Service

Source: CCN
Type: SA43990
HP-UX XNTP Denial of Service Vulnerability

Source: CCN
Type: SA47257
Oracle Sun System Firmware Network Time Protocol Multiple Vulnerabilities

Source: CONFIRM
Type: UNKNOWN
http://security-tracker.debian.org/tracker/CVE-2009-3563

Source: CCN
Type: SECTRACK ID: 1023298
NTP Mode 7 Packet Processing Flaw Lets Remote Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1023298

Source: SUNALERT
Type: UNKNOWN
1021781

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/css/P8/documents/100071808

Source: CCN
Type: ASA-2010-024
A Security Vulnerability in the ntp Daemon (xntpd(1M)) May Lead to a Denial of the Solaris Network Time Protocol(NTP) Service (Sun 275590)

Source: CCN
Type: Nortel Enterprise Response to VU#568372
Potential DoS using ntpd from xntp2

Source: CONFIRM
Type: Patch
http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode

Source: AIXAPAR
Type: UNKNOWN
IZ68659

Source: CCN
Type: IBM APAR IZ68659
NTP MODE 7 VULNERABILITY IN AIX 5.3 /AIX 6.1

Source: AIXAPAR
Type: UNKNOWN
IZ71047

Source: CCN
Type: IBM APAR IZ71047
NTP MODE 7 VULNERABILITY IN AIX 5.3 /AIX 6.1

Source: DEBIAN
Type: Patch
DSA-1948

Source: DEBIAN
Type: DSA-1948
ntp -- denial of service

Source: DEBIAN
Type: DSA-1992
chrony -- several vulnerabilities

Source: CCN
Type: GLSA-201001-01
NTP: Denial of Service

Source: CCN
Type: US-CERT VU#568372
NTP mode 7 denial-of-service vulnerability

Source: CCN
Type: Vulnerability Note VU#568372
NTP mode 7 denial-of-service vulnerability

Source: CERT-VN
Type: Patch, US Government Resource
VU#568372

Source: CONFIRM
Type: UNKNOWN
http://www.kb.cert.org/vuls/id/MAPG-7X7V6J

Source: CONFIRM
Type: UNKNOWN
http://www.kb.cert.org/vuls/id/MAPG-7X7VD7

Source: CCN
Type: NTP Web site
NTP Software Downloads

Source: CCN
Type: OSVDB ID: 60847
NTP ntpd Mode 7 Request Crafted Packet Reply Loop Remote DoS

Source: CCN
Type: OSVDB ID: 62141
Chrony chronyd cmdmon Packet Handling Remote DoS

Source: BID
Type: Patch
37255

Source: CCN
Type: BID-37255
NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability

Source: CCN
Type: USN-867-1
Ntp vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2010-0510

Source: VUPEN
Type: UNKNOWN
ADV-2010-0528

Source: VUPEN
Type: UNKNOWN
ADV-2010-0993

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=531213

Source: XF
Type: UNKNOWN
ntp-mode7-dos(54650)

Source: MLIST
Type: UNKNOWN
[announce] 20091208 NTP 4.2.4p8 Released

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11225

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:12141

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:19376

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:7076

Source: REDHAT
Type: UNKNOWN
RHSA-2009:1648

Source: REDHAT
Type: UNKNOWN
RHSA-2009:1651

Source: REDHAT
Type: UNKNOWN
RHSA-2010:0095

Source: CCN
Type: NTP Bugzilla
DoS with mode 7 packets (CVE-2009-3563)

Source: CONFIRM
Type: UNKNOWN
https://support.ntp.org/bugs/show_bug.cgi?id=1331

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-13090

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-13121

Source: SUSE
Type: SUSE-SR:2009:020
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ntp:ntp:4.0.72:*:*:*:*:*:*:*
  • OR cpe:/a:ntp:ntp:4.0.73:*:*:*:*:*:*:*
  • OR cpe:/a:ntp:ntp:4.0.90:*:*:*:*:*:*:*
  • OR cpe:/a:ntp:ntp:4.0.91:*:*:*:*:*:*:*
  • OR cpe:/a:ntp:ntp:4.0.92:*:*:*:*:*:*:*
  • OR cpe:/a:ntp:ntp:4.0.93:*:*:*:*:*:*:*
  • OR cpe:/a:ntp:ntp:4.0.94:*:*:*:*:*:*:*
  • OR cpe:/a:ntp:ntp:4.0.95:*:*:*:*:*:*:*
  • OR cpe:/a:ntp:ntp:4.0.96:*:*:*:*:*:*:*
  • OR cpe:/a:ntp:ntp:4.0.97:*:*:*:*:*:*:*
  • OR cpe:/a:ntp:ntp:4.0.98:*:*:*:*:*:*:*
  • OR cpe:/a:ntp:ntp:4.0.99:*:*:*:*:*:*:*
  • OR cpe:/a:ntp:ntp:4.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ntp:ntp:4.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ntp:ntp:4.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ntp:ntp:4.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ntp:ntp:4.2.2p1:*:*:*:*:*:*:*
  • OR cpe:/a:ntp:ntp:4.2.2p2:*:*:*:*:*:*:*
  • OR cpe:/a:ntp:ntp:4.2.2p3:*:*:*:*:*:*:*
  • OR cpe:/a:ntp:ntp:*:*:*:*:*:*:*:* (Version <= 4.2.2p4)
  • OR cpe:/a:ntp:ntp:4.2.5:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:ntp:ntp:4.2.4:p7:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:ibm:aix:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:ibm:aix:5.3:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:hp:tcp_ip_services_openvms:5.6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:esx_server:2.5.5:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*
  • OR cpe:/a:vmware:esx_server:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:esx_server:3.0.3:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*
  • OR cpe:/a:vmware:esx_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vma:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20093563
    V
    		CVE-2009-3563
    2022-05-20
    oval:org.mitre.oval:def:29266
    P
    		RHSA-2009:1648 -- ntp security update (Moderate)
    2015-08-17
    oval:org.mitre.oval:def:19376
    V
    		HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code
    2015-04-20
    oval:org.mitre.oval:def:7379
    P
    		DSA-1948 ntp -- denial of service
    2015-02-23
    oval:org.mitre.oval:def:13488
    P
    		USN-867-1 -- ntp vulnerability
    2014-06-30
    oval:org.mitre.oval:def:7310
    P
    		DSA-1992 chrony -- several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:12783
    P
    		DSA-1992-1 chrony -- several
    2014-06-23
    oval:org.mitre.oval:def:17673
    P
    		DSA-1948-1 ntp - denial of service
    2014-06-23
    oval:org.mitre.oval:def:23033
    P
    		ELSA-2009:1648: ntp security update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:7076
    V
    		NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability
    2014-01-20
    oval:org.mitre.oval:def:11225
    V
    		ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
    2013-04-29
    oval:org.mitre.oval:def:12141
    V
    		AIX xntpd denial-of-service vulnerability
    2011-01-10
    oval:com.redhat.rhsa:def:20091648
    P
    		RHSA-2009:1648: ntp security update (Moderate)
    2009-12-08
    oval:com.redhat.rhsa:def:20091651
    P
    		RHSA-2009:1651: ntp security update (Moderate)
    2009-12-08
    oval:org.debian:def:1948
    V
    		denial of service
    2009-12-08
    BACK
    ntp ntp 4.0.72
    ntp ntp 4.0.73
    ntp ntp 4.0.90
    ntp ntp 4.0.91
    ntp ntp 4.0.92
    ntp ntp 4.0.93
    ntp ntp 4.0.94
    ntp ntp 4.0.95
    ntp ntp 4.0.96
    ntp ntp 4.0.97
    ntp ntp 4.0.98
    ntp ntp 4.0.99
    ntp ntp 4.1.0
    ntp ntp 4.1.2
    ntp ntp 4.2.0
    ntp ntp 4.2.2
    ntp ntp 4.2.2p1
    ntp ntp 4.2.2p2
    ntp ntp 4.2.2p3
    ntp ntp *
    ntp ntp 4.2.5
    ntp ntp 4.2.4 p7
    gentoo linux *
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    ibm aix 6.1
    redhat enterprise linux 3
    ibm aix 5.3
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    mandrakesoft mandrake multi network firewall 2.0
    canonical ubuntu 6.06
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2008.0
    debian debian linux 4.0
    hp tcp ip services openvms 5.6
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2008.0
    vmware esx server 2.5.5
    canonical ubuntu 8.04
    vmware esx server 3.5
    vmware esx server 3.0.3
    mandriva linux 2009.0
    mandriva linux 2009.0 -
    debian debian linux 5.0
    mandriva linux 2009.1
    mandriva linux 2009.1
    vmware esx server 4.0
    vmware vma 4.0
    mandriva enterprise server 5
    mandriva enterprise server 5
    mandriva linux 2010
    mandriva linux 2010