NTP Mode 7 Request Denial Of Service Vulnerability - CVE-2009-3563

Solution Verified - Updated -

Issue

A security scan on the server listed the following vulnerability:

NTP Mode 7 Request Denial Of Service Vulnerability 

Description:
A denial of service vulnerability is present in some versions of NTP server.

Recommendation:
Upgrade to NTP version 4.2.4p8 or later, available at: http://www.ntp.org/

Observation:
Network Time Protocol (NTP) is a UDP-based network protocol used to synchronize the clocks of computer systems over a network.
A denial of service vulnerability is present in some versions of NTP server. A flaw is present in ntp_request.c in ntpd, which fails to handle a crafted mode 7 (MODE_PRIVATE) request and replies with a mode 7 error response. Successful exploitation could allow an attacker to cause a denial of service condition.

Common Vulnerabilities & Exposures (CVE) Link:
CVE-2009-3563

Environment

  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 4
  • Red Hat Enterprise Linux 3
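
The scan report's recommendation comes down to comparing an upstream version string with 4.2.4p8. As an added example (not from this article or from Red Hat), the code below applies that "4.2.4p8 or later" rule literally, parsing the pN patch suffix as a number so that 4.2.4p10 is not misordered by a plain string compare. The sample banners are constructed and the function names are hypothetical; the result reflects only the upstream string, and a distribution package carrying backported fixes can report an older version, so "below-fixed" is a prompt to check the vendor's errata rather than proof of exposure.

```python
import re

# Fixed upstream release named in the scan report's recommendation.
FIXED = "4.2.4p8"

# Matches an upstream NTP version such as 4.2.4p8, 4.2.2p1 or 4.2.4 (no patch level).
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_ntp_version(text):
    """Return (major, minor, point, patch) from a banner, or None if absent.

    A missing pN suffix is treated as patch level 0, so 4.2.4 < 4.2.4p8.
    """
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, point, patch = m.groups()
    return (int(major), int(minor), int(point), int(patch or 0))


def classify(banner, fixed=FIXED):
    """Classify a version banner relative to the fixed upstream release."""
    found = parse_ntp_version(banner)
    if found is None:
        return "unknown"
    # Tuple comparison is numeric per field, so p10 sorts after p8.
    if found >= parse_ntp_version(fixed):
        return "at-or-above-fixed"
    return "below-fixed"


# Constructed sample banners (assumed formats, not taken from the page).
SAMPLES = [
    "ntpd 4.2.2p1@1.1570-o",
    "ntpd 4.2.4p8@1.1612-o",
    "ntpd 4.2.4p10",
    "ntpd 4.2.4",
    "ntpd 4.2.6p5",
    "no version here",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(f"{banner!r:28} -> {classify(banner)}")
```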
