6.4

CVE-2009-3563

ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NtpNtp Version <= 4.2.2p4
NtpNtp Version4.0.72
NtpNtp Version4.0.73
NtpNtp Version4.0.90
NtpNtp Version4.0.91
NtpNtp Version4.0.92
NtpNtp Version4.0.93
NtpNtp Version4.0.94
NtpNtp Version4.0.95
NtpNtp Version4.0.96
NtpNtp Version4.0.97
NtpNtp Version4.0.98
NtpNtp Version4.0.99
NtpNtp Version4.1.0
NtpNtp Version4.1.2
NtpNtp Version4.2.0
NtpNtp Version4.2.2
NtpNtp Version4.2.2p1
NtpNtp Version4.2.2p2
NtpNtp Version4.2.2p3
NtpNtp Version4.2.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 32.29% 0.981
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:N/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
http://secunia.com/advisories/38794
http://www.vupen.com/english/advisories/2010/0528
http://secunia.com/advisories/38834
http://marc.info/?l=bugtraq&m=136482797910018&w=2
https://rhn.redhat.com/errata/RHSA-2009-1651.html
http://secunia.com/advisories/37922
http://secunia.com/advisories/38832
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc
http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
http://marc.info/?l=bugtraq&m=130168580504508&w=2
http://secunia.com/advisories/37629
http://secunia.com/advisories/38764
http://secunia.com/advisories/39593
http://security-tracker.debian.org/tracker/CVE-2009-3563
http://securitytracker.com/id?1023298
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1
http://support.avaya.com/css/P8/documents/100071808
http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode
Patch
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047
http://www.debian.org/security/2009/dsa-1948
Patch
http://www.kb.cert.org/vuls/id/568372
Patch
US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-7X7V6J
http://www.kb.cert.org/vuls/id/MAPG-7X7VD7
http://www.securityfocus.com/bid/37255
Patch
http://www.vupen.com/english/advisories/2010/0510
http://www.vupen.com/english/advisories/2010/0993
https://bugzilla.redhat.com/show_bug.cgi?id=531213
https://lists.ntp.org/pipermail/announce/2009-December/000086.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076
https://rhn.redhat.com/errata/RHSA-2009-1648.html
https://support.ntp.org/bugs/show_bug.cgi?id=1331
https://www.kb.cert.org/vuls/id/417980
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html