NTP Mode 7 Request Denial Of Service Vulnerability - CVE-2009-3563
Issue
Security scan on server listed following vulnerablity.
NTP Mode 7 Request Denial Of Service Vulnerability
Description:
A denial of service vulnerability is present in some versions of NTP server.
Recommendation:
Upgrade to NTP version 4.2.4p8 or later available at :
http://www.ntp.org/
Observation:
Network Time Protocol (NTP) is a UDP-based network protocol used to synchronize the clocks of computer systems over a network.
A denial of service vulnerability is present in some versions of NTP server. A flaw is present in the ntp_request.c in ntpd, which fails to handle a crafted mode 7(MODE_PRIVATE)
request and replies with a mode 7 error response. Successful
exploitation could allow an attacker to cause a denial of service condition.
Common Vulnerabilities & Exposures (CVE) Link:
CVE-2009-3563
Environment
- Red Hat Enterprise Linux 5
- Red Hat Enterprise Linux 4
- Red Hat Enterprise Linux 3
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.