NTP Mode 7 Request Denial Of Service Vulnerability - CVE-2009-3563

Solution Verified - Updated -

Issue

A security scan on the server listed the following vulnerability.

NTP Mode 7 Request Denial Of Service Vulnerability

Description:
A denial of service vulnerability is present in some versions of NTP server.

Recommendation:
Upgrade to NTP version 4.2.4p8 or later available at:
http://www.ntp.org/

Observation:
Network Time Protocol (NTP) is a UDP-based network protocol used to synchronize the clocks of computer systems over a network.
A denial of service vulnerability is present in some versions of NTP server. A flaw is present in ntp_request.c in ntpd, which fails to handle a crafted mode 7 (MODE_PRIVATE) request and replies with a mode 7 error response. Successful exploitation could allow an attacker to cause a denial of service condition.

Common Vulnerabilities & Exposures (CVE) Link:
CVE-2009-3563
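
To see which hosts are sending the mode 7 (MODE_PRIVATE) traffic the finding refers to, the following added example (not part of the original article or of ntpd) reads the 3-bit mode field from the first octet of each NTP payload and counts mode 7 packets per source. The addresses, payloads and allowlist are constructed for illustration; feeding it real capture data is left to the reader's own tooling.

```python
from collections import Counter

MODE_PRIVATE = 7  # NTP mode 7, the private mode used by ntpdc-style requests


def ntp_mode(payload: bytes):
    """Return (version, mode) from the first octet of an NTP UDP payload.

    The low 3 bits of the first octet are the mode and the next 3 bits
    are the version number. Returns None for an empty datagram.
    """
    if not payload:
        return None
    first = payload[0]
    return (first >> 3) & 0x7, first & 0x7


def private_mode_sources(packets, admin_hosts=frozenset()):
    """Count mode 7 packets per source address, skipping allowlisted hosts."""
    hits = Counter()
    for src, payload in packets:
        parsed = ntp_mode(payload)
        if parsed and parsed[1] == MODE_PRIVATE and src not in admin_hosts:
            hits[src] += 1
    return dict(hits)


# Constructed sample capture: (source address, UDP payload sent to port 123).
SAMPLE = [
    ("192.0.2.10", b"\x23" + bytes(47)),   # version 4, mode 3 client request
    ("192.0.2.11", b"\x24" + bytes(47)),   # version 4, mode 4 server reply
    ("198.51.100.7", b"\x17" + bytes(7)),  # version 2, mode 7 private request
    ("198.51.100.7", b"\x17" + bytes(7)),
    ("192.0.2.50", b"\x17" + bytes(7)),    # admin workstation (allowlisted)
    ("203.0.113.9", b""),                  # empty datagram, ignored
]

if __name__ == "__main__":
    # Hypothetical allowlist: the one host expected to query ntpd in mode 7.
    for src, count in private_mode_sources(SAMPLE, {"192.0.2.50"}).items():
        print(f"{src}: {count} mode 7 packet(s)")
```

Mode 7 packets from sources outside the expected administration hosts are the ones worth reviewing against the scan finding.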

Environment

  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 4
  • Red Hat Enterprise Linux 3
