Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:23967
HistoryApr 10, 2020 - 12:42 a.m.

Denial Of Service (DoS)

2020-04-1000:42:01
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
32

EPSS

0.966

Percentile

99.7%

JSON

The Network Time Protocol (NTP) is vulnerable to Denial Of Service (DoS). Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled certain malformed NTP packets. ntpd logged information about all such packets and replied with an NTP packet that was treated as malformed when received by another ntpd. A remote attacker could use this flaw to create an NTP packet reply loop between two ntpd servers via a malformed packet with a spoofed source IP address and port, causing ntpd on those servers to use excessive amounts of CPU time and fill disk space with log messages.

References

Related

gentoo 1
openvas 38
seebug 1
nessus 51
cert 2
securityvulns 3
freebsd_advisory 1
metasploit 1
cisco 1
f5 3
redhat 3
debian 2
cvelist 2
packetstorm 1
centos 2
ubuntucve 2
debiancve 2
prion 2
fedora 3
checkpoint_advisories 2
oraclelinux 2
ubuntu 1
nvd 2
cve 2
slackware 1
redhatcve 1
osv 1
vmware 4
gentoo
gentoo
NTP: Denial of service
2010-01-03 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2009-1648)
2015-10-08 00:00:00
HP-UX Update for XNTP HPSBUX02639
2011-06-06 00:00:00
Gentoo Security Advisory GLSA 201001-01 (ntp)
2010-01-07 00:00:00
seebug
seebug
NTP MODE_PRIVATEζŠ₯ζ–‡θΏœη¨‹ζ‹’η»ζœεŠ‘ζΌζ΄ž
2009-12-12 00:00:00
nessus
nessus
SuSE9 Security Update : xntp (YOU Patch Number 12559)
2009-12-21 00:00:00
SuSE 10 Security Update : xntp (ZYPP Patch Number 6718)
2010-10-11 00:00:00
AIX 5.3 TL 9 : xntpd (IZ71093)
2013-01-24 00:00:00
cert
cert
NTP mode 7 denial-of-service vulnerability
2009-12-08 00:00:00
Implementations of UDP-based application protocols are vulnerable to network loops
2024-03-19 00:00:00
securityvulns
securityvulns
[USN-867-1] Ntp vulnerability
2009-12-09 00:00:00
ntp server DoS
2009-12-09 00:00:00
[SECURITY] [DSA 1992-1] New chrony packages fix denial of service
2010-02-05 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-10:02.ntpd
2010-01-06 00:00:00
metasploit
metasploit
NTP.org ntpd Reserved Mode Denial of Service
2009-12-13 02:56:20
cisco
cisco
Network Time Protocol Package Remote Message Loop Denial of Service Vulnerability
2009-12-08 22:33:40
f5
f5
SOL10905 - NTP vulnerability - CVE-2009-3563
2010-01-04 00:00:00
K000139026 : NTP vulnerability CVE-2009-3563
2024-03-25 00:00:00
K10905 : NTP vulnerability - CVE-2009-3563
2013-07-05 00:00:00
redhat
redhat
(RHSA-2009:1648) Moderate: ntp security update
2009-12-08 00:00:00
(RHSA-2009:1651) Moderate: ntp security update
2009-12-08 00:00:00
(RHSA-2010:0095) Important: rhev-hypervisor security and bug fix update
2010-02-09 00:00:00
debian
debian
[SECURITY] [DSA 1948-1] New ntp packages fix denial of service
2009-12-08 19:07:15
[SECURITY] [DSA 1992-1] New chrony packages fix denial of service
2010-02-04 17:38:45
cvelist
cvelist
CVE-2009-3563
2009-12-09 00:00:00
CVE-2010-0292
2010-02-08 20:00:00
packetstorm
packetstorm
NTP.org ntpd Reserved Mode Denial of Service
2024-08-31 00:00:00
centos
centos
ntp security update
2009-12-08 22:33:14
ntp security update
2009-12-08 22:18:02
ubuntucve
ubuntucve
CVE-2009-3563
2009-12-08 00:00:00
CVE-2010-0292
2010-02-08 00:00:00
debiancve
debiancve
CVE-2009-3563
2009-12-09 18:30:00
CVE-2010-0292
2010-02-08 20:30:00
prion
prion
Code injection
2009-12-09 18:30:00
Sql injection
2010-02-08 20:30:00
fedora
fedora
[SECURITY] Fedora 12 Update: ntp-4.2.4p8-1.fc12
2009-12-11 18:14:28
[SECURITY] Fedora 11 Update: ntp-4.2.4p7-3.fc11
2009-12-11 18:23:49
[SECURITY] Fedora 10 Update: ntp-4.2.4p7-2.fc10
2009-12-11 18:32:53
checkpoint_advisories
checkpoint_advisories
Multiple Vendors NTP Mode 7 Denial of Service (CVE-2009-3563)
2010-02-02 00:00:00
Update Protection against Multiple Vendors NTP Mode 7 Denial of Service
2009-01-25 00:00:00
oraclelinux
oraclelinux
ntp security update
2009-12-08 00:00:00
ntp security update
2009-12-08 00:00:00
ubuntu
ubuntu
Ntp vulnerability
2009-12-08 00:00:00
nvd
nvd
CVE-2009-3563
2009-12-09 18:30:00
CVE-2010-0292
2010-02-08 20:30:00
cve
cve
CVE-2009-3563
2009-12-09 18:30:00
CVE-2010-0292
2010-02-08 20:30:00
slackware
slackware
[slackware-security] ntp
2009-12-10 08:39:43
redhatcve
redhatcve
CVE-2024-2169
2024-04-02 20:21:52
osv
osv
chrony - denial of service
2010-02-04 00:00:00
vmware
vmware
ESX Service Console and vMA third party updates
2010-03-03 00:00:00
ESX Service Console and vMA third party updates
2010-03-03 00:00:00
ESXi utilities and ESX Service Console third party updates
2010-05-27 00:00:00

EPSS

0.966

Percentile

99.7%

JSON
Related for VERACODE:23967
gentoo1openvas38seebug1nessus51cert2securityvulns3freebsd_advisory1metasploit1cisco1f53redhat3debian2cvelist2packetstorm1centos2ubuntucve2debiancve2prion2fedora3checkpoint_advisories2oraclelinux2ubuntu1nvd2cve2slackware1redhatcve1osv1vmware4