Overview
NTP contains a vulnerability in the handling of mode 7 requests, which can result in a denial-of-service condition.
Description
NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control utility. In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while routine NTP time transfers use modes 1 through 5. Upon receipt of an incorrect mode 7 request or a mode 7 error response from an address that is not listed in a "restrict ... noquery" or "restrict ... ignore" segment, ntpd will reply with a mode 7 error response and log a message. If an attacker spoofs the source address of ntpd host A in a mode 7 response packet sent to ntpd host B, both A and B will continuously send each other error responses, for as long as those packets get through. |
Impact
A remote, unauthenticated attacker may be able to cause a denial-of-service condition on a vulnerable NTP server. |
Solution
Apply an update |
|
Vendor Information
Apple Inc. Affected
Notified: October 26, 2009 Updated: October 27, 2009
Statement Date: October 27, 2009
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Cisco Systems, Inc. Affected
Notified: October 26, 2009 Updated: December 13, 2009
Statement Date: December 02, 2009
Status
Affected
Vendor Statement
Please find below our bug id details:
Cisco IOS and Cisco IOS XE Software (Cisco Bug ID: CSCtd75033)
Cisco Nexus Series Switches (Cisco Bug IDs: CSCsz81239, CSCtd15613, CSCtd15613)
Cisco Application Control Engine appliance (Cisco Bug ID: CSCsz93757)
Cisco Unified Communications Manager - Linux (Cisco Bug ID: CSCtc99277)
Cisco Telepresence Systems (Cisco Bug ID: CSCtc99290)
Cisco Wide Area Application Services (WAAS) (Cisco Bug ID: CSCtc99299)
Cisco Meeting Place Server (Cisco Bug ID: CSCtc99306)
Cisco Mobility Services Engine (Location Appliance) (Cisco Bug ID: CSCtc99318)
Cisco ACE XML Gateways (Cisco Bug ID: CSCtd15631)
Cisco IP Interoperability and Communications System (IPICS) (Cisco Bug ID: CSCtd15623)
Cisco MDS 9500 Series (Cisco Bug ID: CSCtd15595)
Cisco Digital Media Players (Cisco Bug ID: CSCtd15641)
Vendor Information
Please see Cisco Vulnerability Alert 19540.
Vendor References
Debian GNU/Linux Affected
Notified: October 26, 2009 Updated: December 08, 2009
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see http://security-tracker.debian.org/tracker/CVE-2009-3563
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Gentoo Linux Affected
Notified: October 26, 2009 Updated: December 10, 2009
Statement Date: December 10, 2009
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
Please see: http://bugs.gentoo.org/show_bug.cgi?id=290881.
Vendor References
Meinberg Funkuhren GmbH & Co. KG Affected
Updated: December 16, 2009
Statement Date: December 15, 2009
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
we announced on Friday that our LANTIME NTP Time Server Appliances are affected as well:
http://www.meinberg.de/english/news/lantime-firmware-update-ntp-security-problem-with-mode-7-packets.htm
Additionally, Meinberg provides an easy-to-use Windows installer for the reference implementation of NTP, i.e. we created an installer that installs the original ntpd from ntp.org on Windows machines. We also updated this installer to include 4.2.4p8 and nicknamed it "lennon" (in memory of the death of John Lennon, wo died on December 8th - the day when this vulnerability has been announced.
http://www.meinberg.de/english/news/software-new-ntp-version-for-windows-4-2-4p8-security-update.htm
QNX Software Systems Inc. Affected
Notified: October 26, 2009 Updated: December 07, 2009
Statement Date: December 07, 2009
Status
Affected
Vendor Statement
The NTP feature of the Neutrino operating system (version 6.4.1 and earlier) is vulnerable. This issue will be corrected in the upcoming Neutrino 6.4.2 operating system release. Please contact your QNX representative regarding earlier OS product releases.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Red Hat, Inc. Affected
Notified: October 26, 2009 Updated: December 08, 2009
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Sun Microsystems, Inc. Affected
Notified: October 26, 2009 Updated: January 22, 2010
Statement Date: January 22, 2010
Status
Affected
Vendor Statement
Solaris is impacted by CERT Vulnerability Note VU#568372: 'NTP mode 7 denial-of-service vulnerability'. We have published Sun Alert 275590 for this issue.
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275590-1
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Vendor References
The SCO Group Affected
Notified: October 26, 2009 Updated: October 29, 2009
Statement Date: October 29, 2009
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Ubuntu Affected
Notified: October 26, 2009 Updated: December 09, 2009
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
Please see http://www.ubuntu.com/usn/USN-867-1.
Vendor References
Computer Associates Not Affected
Notified: October 26, 2009 Updated: April 27, 2010
Statement Date: March 23, 2010
Status
Not Affected
Vendor Statement
CA has reviewed the VU#568372 information you have provided, and we have determined that CA products are NOT VULNERABLE.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Extreme Networks Not Affected
Notified: October 26, 2009 Updated: February 03, 2010
Statement Date: November 30, 2009
Status
Not Affected
Vendor Statement
Extreme Products dont provide NTPD service. The devices only have NTP clients. Hence, the vulnerability VU#568372 is not applicable to Extreme Networks products.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Force10 Networks, Inc. Not Affected
Notified: October 26, 2009 Updated: July 22, 2011
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Microsoft Corporation Not Affected
Notified: October 26, 2009 Updated: April 05, 2010
Statement Date: March 29, 2010
Status
Not Affected
Vendor Statement
The Microsoft W32time implementation does not use Mode 7.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
PePLink Not Affected
Notified: October 26, 2009 Updated: December 04, 2009
Statement Date: October 27, 2009
Status
Not Affected
Vendor Statement
Peplink products are not vulnerable to this attack for the following reason:
* Peplink products do not use ntpd.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
SafeNet Not Affected
Notified: October 26, 2009 Updated: October 28, 2009
Statement Date: October 28, 2009
Status
Not Affected
Vendor Statement
We have confirmed that no SafeNet products are affected by this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
3com Inc Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
ACCESS Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
AT&T Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Alcatel-Lucent Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Avaya, Inc. Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Barracuda Networks Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Belkin, Inc. Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Borderware Technologies Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Charlotte's Web Networks Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Check Point Software Technologies Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Clavister Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Conectiva Inc. Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Cray Inc. Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
D-Link Systems, Inc. Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
EMC Corporation Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Engarde Secure Linux Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Enterasys Networks Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Ericsson Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
F5 Networks, Inc. Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Fedora Project Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Fortinet, Inc. Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Foundry Networks, Inc. Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
FreeBSD, Inc. Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Fujitsu Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Global Technology Associates Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Hewlett-Packard Company Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Hitachi Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
IBM Corporation Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
IBM eServer Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
IP Filter Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
IP Infusion, Inc. Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Infoblox Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Intel Corporation Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Internet Security Systems, Inc. Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Intoto Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Juniper Networks, Inc. Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Luminous Networks Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Mandriva S. A. Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
McAfee Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
MontaVista Software, Inc. Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Multitech, Inc. Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
NEC Corporation Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
NetApp Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
NetBSD Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Nokia Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Nortel Networks, Inc. Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Novell, Inc. Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Openwall GNU/*/Linux Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Process Software Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Q1 Labs Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Quagga Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
RadWare, Inc. Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Redback Networks, Inc. Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
SUSE Linux Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Secureworx, Inc. Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Silicon Graphics, Inc. Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Slackware Linux Inc. Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
SmoothWall Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Snort Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Soapstone Networks Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Sony Corporation Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Sourcefire Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Stonesoft Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Symantec Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
TippingPoint Technologies Inc. Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Turbolinux Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
U4EA Technologies, Inc. Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Unisys Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
VMware Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vyatta Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Watchguard Technologies, Inc. Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Wind River Systems, Inc. Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
ZyXEL Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
eSoft, Inc. Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
m0n0wall Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
netfilter Unknown
Notified: October 26, 2009 Updated: October 26, 2009
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- https://support.ntp.org/bugs/show_bug.cgi?id=1331
- http://tools.ietf.org/html/rfc2827
- http://tools.ietf.org/html/rfc3704
- http://www.ntp.org/downloads.html
- http://www.ubuntu.com/usn/USN-867-1
- http://security-tracker.debian.org/tracker/CVE-2009-3563
- http://tools.cisco.com/security/center/viewAlert.x?alertId=19540
Acknowledgements
Thanks to Harlan Stenn for reporting this vulnerability.
This document was written by Will Dormann, based on information provided by Harlan Stenn.
Other Information
| CVE IDs: | CVE-2009-3563 |
| Date Public: | 2009-12-08 |
| Date First Published: | 2009-12-08 |
| Date Last Updated: | 2011-07-22 12:47 UTC |
| Document Revision: | 32 |