NTP Mode 7 Request Denial Of Service Vulnerability - CVE-2009-3563


Issue

A security scan on the server listed the following vulnerability.

NTP Mode 7 Request Denial Of Service Vulnerability 

Description:
A denial of service vulnerability is present in some versions of NTP server.

Recommendation:
Upgrade to NTP version 4.2.4p8 or later, available at:
http://www.ntp.org/

Observation:
Network Time Protocol (NTP) is a UDP-based network protocol used to synchronize the clocks of computer systems over a network.
A denial of service vulnerability is present in some versions of NTP server. A flaw is present in ntp_request.c in ntpd, which fails to handle a crafted mode 7 (MODE_PRIVATE) request and replies with a mode 7 error response. Successful exploitation could allow an attacker to cause a denial of service condition.

Common Vulnerabilities & Exposures (CVE) Link:
CVE-2009-3563
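
For triaging this finding, the following is an added example (not part of the original article or of ntpd): it parses the 8-byte mode 7 header and counts mode 7 error responses per source/destination pair in captured UDP port 123 payloads. The sample packets, addresses and the helper names are constructed for illustration.

```python
import struct
from collections import Counter

MODE_PRIVATE = 7  # NTP mode 7 (MODE_PRIVATE), as named in the scan text

def parse_mode7(payload):
    """Return the mode 7 header fields, or None if the packet is not mode 7."""
    if len(payload) < 8:  # the fixed mode 7 header is 8 bytes
        return None
    b0, b1, impl, req, err_nitems = struct.unpack("!BBBBH", payload[:6])
    if (b0 & 0x07) != MODE_PRIVATE:
        return None
    return {
        "response": bool(b0 & 0x80),   # R bit: set on responses
        "more": bool(b0 & 0x40),       # M bit: more packets follow
        "version": (b0 >> 3) & 0x07,
        "sequence": b1 & 0x7F,
        "implementation": impl,
        "request_code": req,
        "error": err_nitems >> 12,     # non-zero means an error response
        "nitems": err_nitems & 0x0FFF,
    }

def count_error_responses(packets):
    """Count mode 7 error responses per (src, dst) from (src, dst, payload)."""
    hits = Counter()
    for src, dst, payload in packets:
        hdr = parse_mode7(payload)
        if hdr and hdr["response"] and hdr["error"] != 0:
            hits[(src, dst)] += 1
    return hits

def build_mode7(response, err, seq=0, impl=3, req=0):
    """Build a constructed mode 7 header (test data only)."""
    b0 = (0x80 if response else 0) | (2 << 3) | MODE_PRIVATE
    return struct.pack("!BBBBHH", b0, seq, impl, req, err << 12, 0)

# Constructed sample traffic; addresses are from the documentation range.
SAMPLE = [
    ("192.0.2.10", "192.0.2.20", b"\x23" + b"\x00" * 47),    # mode 3 query
    ("192.0.2.10", "192.0.2.20", build_mode7(False, 0)),     # mode 7 request
    ("192.0.2.20", "192.0.2.10", build_mode7(True, 1)),      # error response
    ("192.0.2.10", "192.0.2.20", build_mode7(True, 1)),      # error response
    ("192.0.2.20", "192.0.2.10", build_mode7(True, 1)),      # error response
]

if __name__ == "__main__":
    for (src, dst), n in count_error_responses(SAMPLE).items():
        print(f"{src} -> {dst}: {n} mode 7 error responses")
```

Mode 7 error responses appearing in both directions between the same pair of NTP servers are worth investigating on hosts that have not been updated.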

Environment

  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 4
  • Red Hat Enterprise Linux 3
