Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2009:1651
HistoryDec 08, 2009 - 12:00 a.m.

(RHSA-2009:1651) Moderate: ntp security update

2009-12-0800:00:00
access.redhat.com
25

0.965 High

EPSS

Percentile

99.6%

JSON

The Network Time Protocol (NTP) is used to synchronize a computer’s time
with a referenced time source.

Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled
certain malformed NTP packets. ntpd logged information about all such
packets and replied with an NTP packet that was treated as malformed when
received by another ntpd. A remote attacker could use this flaw to create
an NTP packet reply loop between two ntpd servers via a malformed packet
with a spoofed source IP address and port, causing ntpd on those servers to
use excessive amounts of CPU time and fill disk space with log messages.
(CVE-2009-3563)

A buffer overflow flaw was found in the ntpq diagnostic command. A
malicious, remote server could send a specially-crafted reply to an ntpq
request that could crash ntpq or, potentially, execute arbitrary code with
the privileges of the user running the ntpq command. (CVE-2009-0159)

All ntp users are advised to upgrade to this updated package, which
contains backported patches to resolve these issues. After installing the
update, the ntpd daemon will restart automatically.

OSVersionArchitecturePackageVersionFilename
RedHat3ppcntp< 4.1.2-6.el3ntp-4.1.2-6.el3.ppc.rpm

Related

nessus 70
openvas 71
centos 4
oraclelinux 4
fedora 3
f5 3
debian 2
veracode 2
securityvulns 5
cvelist 3
redhat 3
cve 3
slackware 1
checkpoint_advisories 2
nvd 3
ubuntu 1
debiancve 3
seebug 2
cert 1
gentoo 2
ubuntucve 3
prion 3
freebsd_advisory 1
cisco 1
freebsd 1
redhatcve 1
osv 1
nessus
nessus
RHEL 3 : ntp (RHSA-2009:1651)
2009-12-09 00:00:00
Scientific Linux Security Update : ntp on SL3.x, SL4.x, SL5.x i386/x86_64
2012-08-01 00:00:00
CentOS 3 : ntp (CESA-2009:1651)
2009-12-09 00:00:00
openvas
openvas
CentOS Security Advisory CESA-2009:1651 (ntp)
2009-12-14 00:00:00
CentOS Update for ntp CESA-2009:1651 centos3 i386
2011-08-09 00:00:00
CentOS Update for ntp CESA-2009:1651 centos3 i386
2011-08-09 00:00:00
centos
centos
ntp security update
2009-12-08 22:18:02
ntp security update
2009-12-08 22:33:14
ntp security update
2009-05-19 15:07:14
oraclelinux
oraclelinux
ntp security update
2009-12-08 00:00:00
ntp security update
2009-12-08 00:00:00
ntp security update
2009-05-18 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: ntp-4.2.4p7-2.fc10
2009-12-11 18:32:53
[SECURITY] Fedora 12 Update: ntp-4.2.4p8-1.fc12
2009-12-11 18:14:28
[SECURITY] Fedora 11 Update: ntp-4.2.4p7-3.fc11
2009-12-11 18:23:49
f5
f5
SOL10905 - NTP vulnerability - CVE-2009-3563
2010-01-04 00:00:00
K10905 : NTP vulnerability - CVE-2009-3563
2013-07-05 00:00:00
K000139026 : NTP vulnerability CVE-2009-3563
2024-03-25 00:00:00
debian
debian
[SECURITY] [DSA 1948-1] New ntp packages fix denial of service
2009-12-08 19:07:15
[SECURITY] [DSA 1801-1] New ntp packages fix several vulnerabilities
2009-05-19 13:55:33
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:42:01
Stack-based Buffer Overflow
2020-04-10 00:32:10
securityvulns
securityvulns
ntp server DoS
2009-12-09 00:00:00
ntp client buffer overflow
2009-04-14 00:00:00
[USN-867-1] Ntp vulnerability
2009-12-09 00:00:00
cvelist
cvelist
CVE-2009-3563
2009-12-09 00:00:00
CVE-2009-0159
2009-04-14 15:00:00
CVE-2010-0292
2022-10-03 16:21:10
redhat
redhat
(RHSA-2009:1648) Moderate: ntp security update
2009-12-08 00:00:00
(RHSA-2009:1039) Important: ntp security update
2009-05-18 00:00:00
(RHSA-2009:1040) Critical: ntp security update
2009-05-18 00:00:00
cve
cve
CVE-2009-3563
2009-12-09 18:30:00
CVE-2009-0159
2009-04-14 15:30:00
CVE-2010-0292
2022-10-03 16:21:10
slackware
slackware
[slackware-security] ntp
2009-12-10 08:39:43
checkpoint_advisories
checkpoint_advisories
Multiple Vendors NTP Mode 7 Denial of Service (CVE-2009-3563)
2010-02-02 00:00:00
Update Protection against Multiple Vendors NTP Mode 7 Denial of Service
2009-01-25 00:00:00
nvd
nvd
CVE-2009-3563
2009-12-09 18:30:00
CVE-2009-0159
2009-04-14 15:30:00
CVE-2010-0292
2010-02-08 20:30:00
ubuntu
ubuntu
Ntp vulnerability
2009-12-08 00:00:00
debiancve
debiancve
CVE-2009-0159
2009-04-14 15:30:00
CVE-2009-3563
2009-12-09 18:30:00
CVE-2010-0292
2022-10-03 16:21:10
seebug
seebug
NTP ntpq命令远程栈溢出溢出漏洞
2009-04-13 00:00:00
NTP MODE_PRIVATE报文远程拒绝服务漏洞
2009-12-12 00:00:00
cert
cert
NTP mode 7 denial-of-service vulnerability
2009-12-08 00:00:00
gentoo
gentoo
NTP: Denial of service
2010-01-03 00:00:00
NTP: Remote execution of arbitrary code
2009-05-26 00:00:00
ubuntucve
ubuntucve
CVE-2009-3563
2009-12-08 00:00:00
CVE-2009-0159
2009-04-14 00:00:00
CVE-2010-0292
2010-02-08 00:00:00
prion
prion
Code injection
2009-12-09 18:30:00
Stack overflow
2009-04-14 15:30:00
Sql injection
2010-02-08 20:30:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-10:02.ntpd
2010-01-06 00:00:00
cisco
cisco
Network Time Protocol Package Remote Message Loop Denial of Service Vulnerability
2009-12-08 22:33:40
freebsd
freebsd
ntp -- stack-based buffer overflow
2009-05-06 00:00:00
redhatcve
redhatcve
CVE-2024-2169
2024-04-02 20:21:52
osv
osv
ntp - several vulnerabilities
2009-05-19 00:00:00

0.965 High

EPSS

Percentile

99.6%

JSON
Related for RHSA-2009:1651
nessus70openvas71centos4oraclelinux4fedora3f53debian2veracode2securityvulns5cvelist3redhat3cve3slackware1checkpoint_advisories2nvd3ubuntu1debiancve3seebug2cert1gentoo2ubuntucve3prion3freebsd_advisory1cisco1freebsd1redhatcve1osv1