This Metasploit module exploits a denial of service vulnerability within the NTP (network time protocol) demon. By sending a single packet to a vulnerable ntpd server (Victim A), spoofed from the IP address of another vulnerable ntpd server (Victim B), both victims will enter an infinite response loop. Note, unless you control the spoofed source host or the real remote host(s), you will not be able to halt the DoS condition once begun!
fd6bedd9499299150e84014f3a2923f488a7b7139a499468fb149fa3ecf238efHP Security Bulletin HPSBUX02859 SSRT101144 3 - A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely to create a Denial of Service (DoS) or execute arbitrary code. Revision 3 of this advisory.
97b32abdd8e39e1e5b9feabde6030395b429177c1152753dcdf6fc4a860b318bHP Security Bulletin HPSBUX02859 SSRT101144 2 - A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely create a Denial of Service (DoS) or Execute Arbitrary Code. Revision 2 of this advisory.
665670bd5973873632baa834e8dbf771524847c5e81a9fb7b9cd98878e0d98cdHP Security Bulletin HPSBUX02859 SSRT101144 - A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely create a Denial of Service (DoS) or Execute Arbitrary Code. Revision 1 of this advisory.
f111df3c200dc90354002b61f3ac8dfdHP Security Bulletin HPSBUX02859 SSRT101144 - A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely create a Denial of Service (DoS) or Execute Arbitrary Code. Revision 1 of this advisory.
0746632b57a61b2a1e105c96a10c846b657feaa5332e287d785fe60802111b6cHP Security Bulletin HPSBOV02497 SSRT090245 4 - Potential security vulnerabilities have been identified with HP TCP/IP Services for OpenVMS Running NTP. The vulnerabilities could be remotely exploited to execute arbitrary code or create a Denial of Service (DoS). Revision 4 of this advisory.
276161f9b5defba94587895476977046f39846e30ab23de7e9fcec0f7db3fd13HP Security Bulletin HPSBUX02639 SSRT100293 - A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely create a Denial of Service (DoS). Revision 1 of this advisory.
209e6b531e6c22cda77b1e56769e99de6243bf4ef18ae36023e84e520f5fadc9HP Security Bulletin HPSBTU02496 SSRT090245 - A potential security vulnerability has been identified on the HP Tru64 Operating System when running NTP Server. The vulnerability could be remotely exploited to create a Denial of Service (DoS). Revision 1 of this advisory.
e4a5e456a00147c12f6eb69a4a1eb29db1b375101ad124280b982537fa3ec390VMware Security Advisory - Updates have been issues for ESX Service Console newt, nfs-utils, and glib2 packages. vMA updates for newt, nfs-util, glib2, kpartx, libvolume-id, device-mapper-multipath, fipscheck, dbus, dbus-libs, ed, openssl, bind, expat, openssh, ntp and kernel packages have also been issued.
0ae5770077c762418cfd24f3ee041e3030eda4c4cf779c13c8b5a0c5d3c879caFreeBSD Security Advisory - If ntpd receives a mode 7 (MODE_PRIVATE) request or error response from a source address not listed in either a 'restrict ... noquery' or a 'restrict ... ignore' section it will log the even and send a mode 7 error response. If an attacker can spoof such a packet from a source IP of an affected ntpd to the same or a different affected ntpd, the host(s) will endlessly send error responses to each other and log each event, consuming network bandwidth, CPU and possibly disk space.
6af8830787a9323a386cf6b466d54a33fd445e418971f060d214c8f60640767fGentoo Linux Security Advisory 201001-1 - A Denial of Service condition in ntpd can cause excessive CPU or bandwidth consumption. Robin Park and Dmitri Vinokurov discovered that ntp_request.c in ntpd does not handle MODE_PRIVATE packets correctly, causing a continuous exchange of MODE_PRIVATE error responses between two NTP daemons or causing high CPU load on a single host. Versions less than 4.2.4_p7-r1 are affected.
1b2edaa7561e84b805648479307d724c312fcbed1bcd89c92215cd97c06c3f13Mandriva Linux Security Advisory 2009-328 - Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled certain malformed NTP packets. ntpd logged information about all such packets and replied with an NTP packet that was treated as malformed when received by another ntpd. A remote attacker could use this flaw to create an NTP packet reply loop between two ntpd servers via a malformed packet with a spoofed source IP address and port, causing ntpd on those servers to use excessive amounts of CPU time and fill disk space with log messages. This update provides a solution to this vulnerability.
04933083a65371fdd2f4b01740b0e330568ee4a0a8655c66a0bda801808d0605Ubuntu Security Notice 867-1 - Robin Park and Dmitri Vinokurov discovered a logic error in ntpd. A remote attacker could send a crafted NTP mode 7 packet with a spoofed IP address of an affected server and cause a denial of service via CPU and disk resource consumption.
6c30be182ae26f6df9a4ef44bce722030691c736b06b01afcfc2436788af8aa2Debian Linux Security Advisory 1948-1 - Robin Park and Dmitri Vinokurov discovered that the daemon component of the ntp package, a reference implementation of the NTP protocol, is not properly reacting to certain incoming packets.
93a6af3f2f904141066f4c44555291616f560099115091d28c235a43e2444799
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed