← back
CVE-2009-3563

CVE-2009-3563

EPSS 32.3%
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.aschttp://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.aschttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691http://lists.vmware.com/pipermail/security-announce/2010/000082.htmlhttp://marc.info/?l=bugtraq&m=130168580504508&w=2http://marc.info/?l=bugtraq&m=136482797910018&w=2https://bugzilla.redhat.com/show_bug.cgi?id=531213http://secunia.com/advisories/37629http://secunia.com/advisories/37922http://secunia.com/advisories/38764