The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

weakness CVE-2009-3563

NTP: denial of service

Synthesis of the vulnerability

A remote attacker can send a specially crafted NTP MODE_PRIVATE query in order to generate a denial of service.
Severity of this announce: 2/4.
Creation date: 09/12/2009.
Références of this computer vulnerability: 025389-01, 1021781, 2009009932, 275590, 6902029, BID-37255, c01961950, c02737553, c03714526, CERTA-2010-AVI-002, CR131466, CVE-2009-3563, DSA-1948-1, FEDORA-2009-13046, FEDORA-2009-13090, FEDORA-2009-13121, FreeBSD-SA-10:02.ntpd, HPSBTU02496, HPSBUX02639, HPSBUX02859, IZ68659, IZ71047, IZ71071, IZ71093, IZ71608, IZ71610, IZ71611, IZ71613, IZ71614, MDVSA-2009:328, NetBSD-SA2010-005, PSN-2009-12-609, RHSA-2009:1648-01, RHSA-2009:1651-01, SOL10905, SSA:2009-343-01, SSRT090245, SSRT100293, SSRT101144, SUSE-SR:2009:020, VIGILANCE-VUL-9259, VMSA-2010-0004, VMSA-2010-0004.1, VMSA-2010-0004.2, VMSA-2010-0004.3, VMSA-2010-0009, VMSA-2010-0009.1.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The NTP protocol possess multiple modes of operation.

The MODE_PRIVATE mode is used by ntpdc to query the state of ntpd daemon. When ntpd receives an invalid MODE_PRIVATE request, it sends back a MODE_PRIVATE error. However, when ntpd receives a MODE_PRIVATE error, it sends it back to the sender generating a loop.

A remote attacker can therefore send a specially crafted NTP MODE_PRIVATE query in order to generate a denial of service.
Full Vigil@nce bulletin... (Free trial)

This vulnerability announce impacts software or systems such as Avaya Ethernet Routing Switch, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, Tru64 UNIX, HP-UX, AIX, Juniper J-Series, Junos OS, Mandriva Linux, Mandriva NF, Meinberg NTP Server, NetBSD, Nortel ESM, Nortel VPN Router, NLD, OES, NTP.org, OpenSolaris, openSUSE, Solaris, Trusted Solaris, RHEL, Slackware, SLES, ESX, ESXi.

Our Vigil@nce team determined that the severity of this cybersecurity threat is medium.

The trust level is of type confirmed by the editor, with an origin of internet client.

An attacker with a expert ability can exploit this computer threat bulletin.

Solutions for this threat

NTP: version 4.2.4p8.
Version 4.2.4p8 is corrected:
  http://www.ntp.org/downloads.html

SPARC: patch for NTP.
A patch is available:
  Netra SPARC T3-1 : 147319-01
  Netra SPARC T3-1B : 147320-01
  SPARC T3-1 : 147315-01
  SPARC T3-1B : 147318-01
  SPARC T3-2 : 147316-01
  SPARC T3-4 : 147317-01

AIX: fix and APAR for NTP.
A fix is available:
  http://aix.software.ibm.com/aix/efixes/security/xntpd_fix.tar
  5.3.8 : IZ68659_08.100302.epkg.Z
  5.3.9 : IZ71093_09.100302.epkg.Z
  5.3.10 : IZ71608_10.100302.epkg.Z
  5.3.11 : IZ71610_11.100302.epkg.Z
  6.1.1 : IZ71611_01.100302.epkg.Z
  6.1.2 : IZ71613_02.100302.epkg.Z
  6.1.3 : IZ71614_03.100302.epkg.Z
  6.1.4 : IZ71071_04.100302.epkg.Z
An APAR will be available.

BIG-IP: solution for NTP.
A solution will be available.

Debian: new ntp packages.
New packages are available:
Debian GNU/Linux 4.0 alias etch:
  ntp_4.2.2.p4+dfsg-2etch4
Debian GNU/Linux 5.0 alias lenny:
  ntp_4.2.4p4+dfsg-8lenny3

Fedora: new ntp packages.
New packages are available:
  ntp-4.2.4p7-2.fc10
  ntp-4.2.4p7-3.fc11
  ntp-4.2.4p8-1.fc12

FreeBSD: patch for ntpd.
A patch is available:
  fetch http://security.FreeBSD.org/patches/SA-10:02/ntpd.patch
  fetch http://security.FreeBSD.org/patches/SA-10:02/ntpd.patch.asc

HP-UX: patch for XNTP.
A patch is available:
  B.11.11 (11i v1) : PHNE_41907
  B.11.23 (11i v2) : PHNE_41908
  B.11.31 (11i v3) : PHNE_41177
http://itrc.hp.com/

HP-UX: XNTP version C.4.2.6.0.0.
The version C.4.2.6.0.0 is fixed:
  https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUX-NTP
Patch PHNE_42470 also has to be installed.

JUNOS: workaround for NTP.
The Juniper announce indicates workarounds.

Mandriva: new ntp packages.
New packages are available:
Mandriva Linux 2008.0:
  ntp-4.2.4-10.3mdv2008.0
Mandriva Linux 2009.0:
  ntp-4.2.4-18.5mdv2009.0
Mandriva Linux 2009.1:
  ntp-4.2.4-22.3mdv2009.1
Mandriva Linux 2010.0:
  ntp-4.2.4-27.1mdv2010.0
Corporate 3.0:
  ntp-4.2.0-2.4.C30mdk
Corporate 4.0:
  ntp-4.2.0-21.7.20060mlcs4
Mandriva Enterprise Server 5:
  ntp-4.2.4-18.5mdvmes5
Multi Network Firewall 2.0:
  ntp-4.2.0-2.4.C30mdk

NetBSD: patch for NTP.
A patch is available in information sources.

NetBSD: version 5.0.2.
Version 5.0.2 is corrected:
  http://www.NetBSD.org/mirrors/

Nortel: solution for NTP.
The Nortel announce indicates vulnerable products and their solutions.

RHEL 3: new ntp packages.
New packages are available:
  ntp-4.1.2-6.el3

RHEL 4, 5: new ntp packages.
New packages are available:
RHEL 4:
  ntp-4.2.0.a.20040617-8.el4_8.1
RHEL 5:
  ntp-4.2.2p1-9.el5_4.1

Slackware: new ntp packages.
New packages are available:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/ntp-4.2.2p3-i386-2_slack8.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/ntp-4.2.2p3-i386-2_slack9.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/ntp-4.2.2p3-i486-2_slack9.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ntp-4.2.2p3-i486-2_slack10.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/ntp-4.2.2p3-i486-2_slack10.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/ntp-4.2.2p3-i486-2_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/ntp-4.2.2p3-i486-3_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/ntp-4.2.4p8-i486-1_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/ntp-4.2.4p8-i486-1_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/ntp-4.2.4p8-i486-1_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.4p8-i486-1_slack13.0.txz

Solaris: patch for xntpd.
A patch is available:
SPARC Platform
  Solaris 8 : patch 109667-08
  Solaris 9 : patch 117143-02
  Solaris 10 (xntpd) : patch 127724-02
  Solaris 10 (ntpd) : patch 143725-01
  OpenSolaris : build snv_133
x86 Platform
  Solaris 8 : patch 109668-08
  Solaris 9 : patch 117144-02
  Solaris 10 (xntpd) : patch 127725-02
  Solaris 10 (ntpd) : patch 143726-01
  OpenSolaris : build snv_133

Sun SPARC: patch for NTP.
A patch is available for the firmware:
  SPARC T3-4 : 147317-01
  SPARC T3-2 : 147316-01
  SPARC T3-1B : 147318-01
  SPARC T3-1 : 147315-01
  Netra SPARC T3-1B : 147320-01
  Netra SPARC T3-1 : 147319-01
  Netra SPARC T3-1BA : 144609-07

SUSE: new packages (12/01/2010).
New packages are available, as indicated in information sources.

Tru64 UNIX: patch for NTP.
A patch is available:
HP Tru64 UNIX 5.1B-4 PK6 (BL27)
  T64KIT1001787-V51BB27-ES-20100817
  http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001787-V51BB27-ES-20100817
HP Tru64 UNIX 5.1B-5 PK7 (BL28)
  T64KIT1001786-V51BB28-ES-20100816
  http://www13.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001786-V51BB28-ES-20100816

VMware ESX, ESXi: patch.
A patch is available:
ESXi 4.0 :
  http://bit.ly/bjWeCV
  http://kb.vmware.com/kb/1021041
ESX 4.0 :
  http://bit.ly/aqTCqn
  http://kb.vmware.com/kb/1013127
ESXi 3.5 :
  http://download3.vmware.com/software/vi/ESXe350-201006401-O-SG.zip
  http://kb.vmware.com/kb/1020052
ESX 3.5 :
  http://download3.vmware.com/software/vi/ESX350-201006408-SG.zip
  http://kb.vmware.com/kb/1020172
  http://download3.vmware.com/software/vi/ESX350-201006405-SG.zip
  http://kb.vmware.com/kb/1020169
  http://download3.vmware.com/software/vi/ESX350-201006406-SG.zip
  http://kb.vmware.com/kb/1020170

VMware ESX: patch.
A patch is available:
ESX 4.0 :
  https://hostupdate.vmware.com/software/VUM/OFFLINE/release-192-20100228-732240/ESX400-201002001.zip
  http://kb.vmware.com/kb/1018403
  http://bit.ly/aqTCqn
  http://kb.vmware.com/kb/1013127
ESX 3.5 :
  http://download3.vmware.com/software/vi/ESX350-201006407-SG.zip
  http://kb.vmware.com/kb/1020171
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a software vulnerability patch. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.