The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

weakness CVE-2009-3563

NTP: denial of service

Synthesis of the vulnerability

A remote attacker can send a specially crafted NTP MODE_PRIVATE query in order to generate a denial of service.
Severity of this announce: 2/4.
Creation date: 09/12/2009.
Références of this computer vulnerability: 025389-01, 1021781, 2009009932, 275590, 6902029, BID-37255, c01961950, c02737553, c03714526, CERTA-2010-AVI-002, CR131466, CVE-2009-3563, DSA-1948-1, FEDORA-2009-13046, FEDORA-2009-13090, FEDORA-2009-13121, FreeBSD-SA-10:02.ntpd, HPSBTU02496, HPSBUX02639, HPSBUX02859, IZ68659, IZ71047, IZ71071, IZ71093, IZ71608, IZ71610, IZ71611, IZ71613, IZ71614, MDVSA-2009:328, NetBSD-SA2010-005, PSN-2009-12-609, RHSA-2009:1648-01, RHSA-2009:1651-01, SOL10905, SSA:2009-343-01, SSRT090245, SSRT100293, SSRT101144, SUSE-SR:2009:020, VIGILANCE-VUL-9259, VMSA-2010-0004, VMSA-2010-0004.1, VMSA-2010-0004.2, VMSA-2010-0004.3, VMSA-2010-0009, VMSA-2010-0009.1.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The NTP protocol possess multiple modes of operation.

The MODE_PRIVATE mode is used by ntpdc to query the state of ntpd daemon. When ntpd receives an invalid MODE_PRIVATE request, it sends back a MODE_PRIVATE error. However, when ntpd receives a MODE_PRIVATE error, it sends it back to the sender generating a loop.

A remote attacker can therefore send a specially crafted NTP MODE_PRIVATE query in order to generate a denial of service.
Full Vigil@nce bulletin... (Free trial)

This vulnerability announce impacts software or systems such as Avaya Ethernet Routing Switch, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, Tru64 UNIX, HP-UX, AIX, Juniper J-Series, Junos OS, Mandriva Linux, Mandriva NF, Meinberg NTP Server, NetBSD, Nortel ESM, Nortel VPN Router, NLD, OES,, OpenSolaris, openSUSE, Solaris, Trusted Solaris, RHEL, Slackware, SLES, ESX, ESXi.

Our Vigil@nce team determined that the severity of this cybersecurity threat is medium.

The trust level is of type confirmed by the editor, with an origin of internet client.

An attacker with a expert ability can exploit this computer threat bulletin.

Solutions for this threat

NTP: version 4.2.4p8.
Version 4.2.4p8 is corrected:

SPARC: patch for NTP.
A patch is available:
  Netra SPARC T3-1 : 147319-01
  Netra SPARC T3-1B : 147320-01
  SPARC T3-1 : 147315-01
  SPARC T3-1B : 147318-01
  SPARC T3-2 : 147316-01
  SPARC T3-4 : 147317-01

AIX: fix and APAR for NTP.
A fix is available:
  5.3.8 : IZ68659_08.100302.epkg.Z
  5.3.9 : IZ71093_09.100302.epkg.Z
  5.3.10 : IZ71608_10.100302.epkg.Z
  5.3.11 : IZ71610_11.100302.epkg.Z
  6.1.1 : IZ71611_01.100302.epkg.Z
  6.1.2 : IZ71613_02.100302.epkg.Z
  6.1.3 : IZ71614_03.100302.epkg.Z
  6.1.4 : IZ71071_04.100302.epkg.Z
An APAR will be available.

BIG-IP: solution for NTP.
A solution will be available.

Debian: new ntp packages.
New packages are available:
Debian GNU/Linux 4.0 alias etch:
Debian GNU/Linux 5.0 alias lenny:

Fedora: new ntp packages.
New packages are available:

FreeBSD: patch for ntpd.
A patch is available:

HP-UX: patch for XNTP.
A patch is available:
  B.11.11 (11i v1) : PHNE_41907
  B.11.23 (11i v2) : PHNE_41908
  B.11.31 (11i v3) : PHNE_41177

HP-UX: XNTP version C.
The version C. is fixed:
Patch PHNE_42470 also has to be installed.

JUNOS: workaround for NTP.
The Juniper announce indicates workarounds.

Mandriva: new ntp packages.
New packages are available:
Mandriva Linux 2008.0:
Mandriva Linux 2009.0:
Mandriva Linux 2009.1:
Mandriva Linux 2010.0:
Corporate 3.0:
Corporate 4.0:
Mandriva Enterprise Server 5:
Multi Network Firewall 2.0:

NetBSD: patch for NTP.
A patch is available in information sources.

NetBSD: version 5.0.2.
Version 5.0.2 is corrected:

Nortel: solution for NTP.
The Nortel announce indicates vulnerable products and their solutions.

RHEL 3: new ntp packages.
New packages are available:

RHEL 4, 5: new ntp packages.
New packages are available:

Slackware: new ntp packages.
New packages are available:

Solaris: patch for xntpd.
A patch is available:
SPARC Platform
  Solaris 8 : patch 109667-08
  Solaris 9 : patch 117143-02
  Solaris 10 (xntpd) : patch 127724-02
  Solaris 10 (ntpd) : patch 143725-01
  OpenSolaris : build snv_133
x86 Platform
  Solaris 8 : patch 109668-08
  Solaris 9 : patch 117144-02
  Solaris 10 (xntpd) : patch 127725-02
  Solaris 10 (ntpd) : patch 143726-01
  OpenSolaris : build snv_133

Sun SPARC: patch for NTP.
A patch is available for the firmware:
  SPARC T3-4 : 147317-01
  SPARC T3-2 : 147316-01
  SPARC T3-1B : 147318-01
  SPARC T3-1 : 147315-01
  Netra SPARC T3-1B : 147320-01
  Netra SPARC T3-1 : 147319-01
  Netra SPARC T3-1BA : 144609-07

SUSE: new packages (12/01/2010).
New packages are available, as indicated in information sources.

Tru64 UNIX: patch for NTP.
A patch is available:
HP Tru64 UNIX 5.1B-4 PK6 (BL27)
HP Tru64 UNIX 5.1B-5 PK7 (BL28)

VMware ESX, ESXi: patch.
A patch is available:
ESXi 4.0 :
ESX 4.0 :
ESXi 3.5 :
ESX 3.5 :

VMware ESX: patch.
A patch is available:
ESX 4.0 :
ESX 3.5 :
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a software vulnerability patch. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.