exploit the possibilities
Showing 1 - 13 of 13 RSS Feed

CVE-2009-3563

Status Candidate

Overview

ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.

Related Files

HP Security Bulletin HPSBUX02859 SSRT101144 3
Posted May 15, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02859 SSRT101144 3 - A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely to create a Denial of Service (DoS) or execute arbitrary code. Revision 3 of this advisory.

tags | advisory, denial of service, arbitrary
systems | hpux
advisories | CVE-2009-0159, CVE-2009-3563
MD5 | a36827eaa3f689f695beb167449ff2b5
HP Security Bulletin HPSBUX02859 SSRT101144 2
Posted Apr 12, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02859 SSRT101144 2 - A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely create a Denial of Service (DoS) or Execute Arbitrary Code. Revision 2 of this advisory.

tags | advisory, denial of service, arbitrary
systems | hpux
advisories | CVE-2009-0159, CVE-2009-3563
MD5 | 082db02dcbf3c0af6e5f80cbc5c53db9
HP Security Bulletin HPSBUX02859 SSRT101144
Posted Mar 30, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02859 SSRT101144 - A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely create a Denial of Service (DoS) or Execute Arbitrary Code. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary
systems | hpux
advisories | CVE-2009-0158, CVE-2009-0159, CVE-2009-3563
MD5 | f111df3c200dc90354002b61f3ac8dfd
HP Security Bulletin HPSBUX02859 SSRT101144
Posted Mar 30, 2013
Site hp.com

HP Security Bulletin HPSBUX02859 SSRT101144 - A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely create a Denial of Service (DoS) or Execute Arbitrary Code. Revision 1 of this advisory.

advisories | CVE-2009-0158, CVE-2009-0159, CVE-2009-3563
MD5 | f111df3c200dc90354002b61f3ac8dfd
HP Security Bulletin HPSBOV02497 SSRT090245 4
Posted Sep 23, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02497 SSRT090245 4 - Potential security vulnerabilities have been identified with HP TCP/IP Services for OpenVMS Running NTP. The vulnerabilities could be remotely exploited to execute arbitrary code or create a Denial of Service (DoS). Revision 4 of this advisory.

tags | advisory, denial of service, arbitrary, tcp, vulnerability
advisories | CVE-2009-0159, CVE-2009-1252, CVE-2009-3563
MD5 | 111e4142e6b3a5f7d141c0e00e8b64db
HP Security Bulletin HPSBUX02639 SSRT100293
Posted Apr 1, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02639 SSRT100293 - A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2009-3563
MD5 | 791e29e9470d7a056733d8110be45ead
HP Security Bulletin HPSBTU02496 SSRT090245
Posted Oct 5, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin HPSBTU02496 SSRT090245 - A potential security vulnerability has been identified on the HP Tru64 Operating System when running NTP Server. The vulnerability could be remotely exploited to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2009-3563
MD5 | f6abe7beeba7ee2b9647a820cca78702
VMware Security Advisory 2010-0004
Posted Mar 5, 2010
Authored by VMware | Site vmware.com

VMware Security Advisory - Updates have been issues for ESX Service Console newt, nfs-utils, and glib2 packages. vMA updates for newt, nfs-util, glib2, kpartx, libvolume-id, device-mapper-multipath, fipscheck, dbus, dbus-libs, ed, openssl, bind, expat, openssh, ntp and kernel packages have also been issued.

tags | advisory, kernel
advisories | CVE-2009-2905, CVE-2008-4552, CVE-2008-4316, CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387, CVE-2009-0590, CVE-2009-4022, CVE-2009-3560, CVE-2009-3720, CVE-2009-2904, CVE-2009-3563, CVE-2009-2695, CVE-2009-2849, CVE-2009-2695, CVE-2009-2908
MD5 | e7771d8406b79f65ee870397e15c5e8a
FreeBSD Security Advisory - ntpd Denial Of Service
Posted Jan 7, 2010
Site security.freebsd.org

FreeBSD Security Advisory - If ntpd receives a mode 7 (MODE_PRIVATE) request or error response from a source address not listed in either a 'restrict ... noquery' or a 'restrict ... ignore' section it will log the even and send a mode 7 error response. If an attacker can spoof such a packet from a source IP of an affected ntpd to the same or a different affected ntpd, the host(s) will endlessly send error responses to each other and log each event, consuming network bandwidth, CPU and possibly disk space.

tags | advisory, spoof
systems | freebsd
advisories | CVE-2009-3563
MD5 | 3c29961c0b015462befccbfa761fa138
Gentoo Linux Security Advisory 201001-1
Posted Jan 4, 2010
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201001-1 - A Denial of Service condition in ntpd can cause excessive CPU or bandwidth consumption. Robin Park and Dmitri Vinokurov discovered that ntp_request.c in ntpd does not handle MODE_PRIVATE packets correctly, causing a continuous exchange of MODE_PRIVATE error responses between two NTP daemons or causing high CPU load on a single host. Versions less than 4.2.4_p7-r1 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2009-3563
MD5 | 194bbb7542bfbd18deac2242363493c2
Mandriva Linux Security Advisory 2009-328
Posted Dec 10, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-328 - Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled certain malformed NTP packets. ntpd logged information about all such packets and replied with an NTP packet that was treated as malformed when received by another ntpd. A remote attacker could use this flaw to create an NTP packet reply loop between two ntpd servers via a malformed packet with a spoofed source IP address and port, causing ntpd on those servers to use excessive amounts of CPU time and fill disk space with log messages. This update provides a solution to this vulnerability.

tags | advisory, remote, spoof
systems | linux, mandriva
advisories | CVE-2009-3563
MD5 | 507d0dd6a1ef582fae2c7f45966eea71
Ubuntu Security Notice 867-1
Posted Dec 9, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 867-1 - Robin Park and Dmitri Vinokurov discovered a logic error in ntpd. A remote attacker could send a crafted NTP mode 7 packet with a spoofed IP address of an affected server and cause a denial of service via CPU and disk resource consumption.

tags | advisory, remote, denial of service, spoof
systems | linux, ubuntu
advisories | CVE-2009-3563
MD5 | a04f5382f6e0f55bfce52bbf6c594227
Debian Linux Security Advisory 1948-1
Posted Dec 9, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1948-1 - Robin Park and Dmitri Vinokurov discovered that the daemon component of the ntp package, a reference implementation of the NTP protocol, is not properly reacting to certain incoming packets.

tags | advisory, protocol
systems | linux, debian
advisories | CVE-2009-3563
MD5 | 5c5ebb4dc32576d0ecb786bec49df9fa
Page 1 of 1
Back1Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    9 Files
  • 26
    Nov 26th
    11 Files
  • 27
    Nov 27th
    15 Files
  • 28
    Nov 28th
    9 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close