CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
EPSS
Percentile
99.7%
NTP contains a vulnerability in the handling of mode 7 requests, which can result in a denial-of-service condition.
NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control utility. In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while routine NTP time transfers use modes 1 through 5. Upon receipt of an incorrect mode 7 request or a mode 7 error response from an address that is not listed in a “restrict ... noquery
” or “restrict ... ignore
” segment, ntpd will reply with a mode 7 error response and log a message.
If an attacker spoofs the source address of ntpd host A in a mode 7 response packet sent to ntpd host B, both A and B will continuously send each other error responses, for as long as those packets get through.
If an attacker spoofs an address of ntpd host A in a mode 7 response packet sent to ntpd host A, then host A will respond to itself endlessly, consuming CPU and logging excessively.
A remote, unauthenticated attacker may be able to cause a denial-of-service condition on a vulnerable NTP server.
Apply an update
This issue is addressed in NTP 4.2.4p8. Please check with your vendor for an update, or you may download NTP 4.2.4p8 from ntp.org.
Configure NTP to limit source addresses
By using “restrict ... noquery
” or “restrict ... ignore
” entries in the ntp.conf
file, ntpd can be configured to limit the source addresses to which it will respond.
Filter NTP mode 7 packets that specify source and destination port 123
In most cases, ntpdc mode 7 requests will have either a source or destination port of 123, but not both.
Use anti-spoofing IP address filters
RFC 2827 (BCP 38) describes network ingress filtering, which can prevent UDP traffic claiming to be from a local address from entering your network from an outside source. Some ISPs may employ unicast reverse path filtering (uRPF) to limit the spoofed traffic that can enter your network.
568372
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: October 26, 2009 Updated: October 27, 2009
Statement Date: October 27, 2009
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 26, 2009 Updated: December 13, 2009
Statement Date: December 02, 2009
Affected
Please find below our bug id details:
Cisco IOS and Cisco IOS XE Software (Cisco Bug ID: CSCtd75033)
Cisco Nexus Series Switches (Cisco Bug IDs: CSCsz81239, CSCtd15613, CSCtd15613)
Cisco Application Control Engine appliance (Cisco Bug ID: CSCsz93757)
Cisco Unified Communications Manager - Linux (Cisco Bug ID: CSCtc99277)
Cisco Telepresence Systems (Cisco Bug ID: CSCtc99290)
Cisco Wide Area Application Services (WAAS) (Cisco Bug ID: CSCtc99299)
Cisco Meeting Place Server (Cisco Bug ID: CSCtc99306)
Cisco Mobility Services Engine (Location Appliance) (Cisco Bug ID: CSCtc99318)
Cisco ACE XML Gateways (Cisco Bug ID: CSCtd15631)
Cisco IP Interoperability and Communications System (IPICS) (Cisco Bug ID: CSCtd15623)
Cisco MDS 9500 Series (Cisco Bug ID: CSCtd15595)
Cisco Digital Media Players (Cisco Bug ID: CSCtd15641)
Please see Cisco Vulnerability Alert 19540.
Notified: October 26, 2009 Updated: December 08, 2009
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see <http://security-tracker.debian.org/tracker/CVE-2009-3563>
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23568372 Feedback>).
Notified: October 26, 2009 Updated: December 10, 2009
Statement Date: December 10, 2009
Affected
We have not received a statement from the vendor.
Please see: <http://bugs.gentoo.org/show_bug.cgi?id=290881>.
Updated: December 16, 2009
Statement Date: December 15, 2009
Affected
We have not received a statement from the vendor.
we announced on Friday that our LANTIME NTP Time Server Appliances are affected as well:
Additionally, Meinberg provides an easy-to-use Windows installer for the reference implementation of NTP, i.e. we created an installer that installs the original ntpd from ntp.org on Windows machines. We also updated this installer to include 4.2.4p8 and nicknamed it “lennon” (in memory of the death of John Lennon, wo died on December 8th - the day when this vulnerability has been announced.
Notified: October 26, 2009 Updated: December 07, 2009
Statement Date: December 07, 2009
Affected
The NTP feature of the Neutrino operating system (version 6.4.1 and earlier) is vulnerable. This issue will be corrected in the upcoming Neutrino 6.4.2 operating system release. Please contact your QNX representative regarding earlier OS product releases.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 26, 2009 Updated: December 08, 2009
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 26, 2009 Updated: January 22, 2010
Statement Date: January 22, 2010
Affected
Solaris is impacted by CERT Vulnerability Note VU#568372: ‘NTP mode 7 denial-of-service vulnerability’. We have published Sun Alert 275590 for this issue.
<http://sunsolve.sun.com/search/document.do?assetkey=1-66-275590-1>
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 29, 2009
Statement Date: October 29, 2009
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 26, 2009 Updated: December 09, 2009
Affected
We have not received a statement from the vendor.
Please see <http://www.ubuntu.com/usn/USN-867-1>.
Notified: October 26, 2009 Updated: April 27, 2010
Statement Date: March 23, 2010
Not Affected
CA has reviewed the VU#568372 information you have provided, and we have determined that CA products are NOT VULNERABLE.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 26, 2009 Updated: February 03, 2010
Statement Date: November 30, 2009
Not Affected
Extreme Products dont provide NTPD service. The devices only have NTP clients. Hence, the vulnerability VU#568372 is not applicable to Extreme Networks products.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 26, 2009 Updated: July 22, 2011
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: April 05, 2010
Statement Date: March 29, 2010
Not Affected
The Microsoft W32time implementation does not use Mode 7.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 26, 2009 Updated: December 04, 2009
Statement Date: October 27, 2009
Not Affected
Peplink products are not vulnerable to this attack for the following reason:
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 28, 2009
Statement Date: October 28, 2009
Not Affected
We have confirmed that no SafeNet products are affected by this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: October 26, 2009 Updated: October 26, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
View all 92 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Harlan Stenn for reporting this vulnerability.
This document was written by Will Dormann, based on information provided by Harlan Stenn.
CVE IDs: | CVE-2009-3563 |
---|---|
Date Public: | 2009-12-08 Date First Published: |