Vulnerability Note VU#568372
NTP mode 7 denial-of-service vulnerability
NTP contains a vulnerability in the handling of mode 7 requests, which can result in a denial-of-service condition.
NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control utility. In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while routine NTP time transfers use modes 1 through 5. Upon receipt of an incorrect mode 7 request or a mode 7 error response from an address that is not listed in a "restrict ... noquery" or "restrict ... ignore" segment, ntpd will reply with a mode 7 error response and log a message.
If an attacker spoofs the source address of ntpd host A in a mode 7 response packet sent to ntpd host B, both A and B will continuously send each other error responses, for as long as those packets get through.
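A detection sketch for the loop described above, added here as an example and not taken from the original note or from the NTP project. It assumes that looping traffic shows up as mode 7 packets with the response bit set travelling between UDP port 123 on both hosts, in both directions, whereas ntpdc queries come from an ephemeral port; the packet tuples, addresses and threshold are constructed for illustration.

```python
from collections import Counter

MODE_PRIVATE = 7  # NTP mode 7, used by ntpdc
RESP_BIT = 0x80   # response flag: top bit of the first byte of a mode 7 packet
NTP_PORT = 123

def ntp_mode(payload: bytes) -> int:
    """The mode is the low three bits of the first byte of an NTP packet."""
    return payload[0] & 0x07 if payload else -1

def is_mode7_response(payload: bytes) -> bool:
    return ntp_mode(payload) == MODE_PRIVATE and bool(payload[0] & RESP_BIT)

def find_mode7_loops(packets, threshold=3):
    """packets: iterable of (src_ip, src_port, dst_ip, dst_port, udp_payload).
    Returns host pairs exchanging mode 7 responses ntpd-to-ntpd (123 <-> 123)
    at least `threshold` times in each direction (heuristic, assumed threshold)."""
    counts = Counter()
    for src, sport, dst, dport, payload in packets:
        if sport == NTP_PORT and dport == NTP_PORT and is_mode7_response(payload):
            counts[(src, dst)] += 1
    loops = set()
    for (a, b), n in counts.items():
        if n >= threshold and counts.get((b, a), 0) >= threshold:
            loops.add(tuple(sorted((a, b))))
    return sorted(loops)

# Constructed sample traffic (documentation addresses, zero-filled payloads).
M7_RESP = b"\x97" + bytes(7)   # response bit set, version 2, mode 7
M7_REQ = b"\x17" + bytes(7)    # version 2, mode 7 request
CLIENT = b"\x23" + bytes(47)   # version 4, mode 3 (client)
SERVER = b"\x24" + bytes(47)   # version 4, mode 4 (server)
A, B, ADMIN = "192.0.2.10", "192.0.2.20", "198.51.100.5"

SAMPLE = (
    [(A, 123, B, 123, M7_RESP), (B, 123, A, 123, M7_RESP)] * 4  # ping-pong pattern
    + [(ADMIN, 40000, A, 123, M7_REQ), (A, 123, ADMIN, 40000, M7_RESP)] * 5  # ntpdc
    + [(ADMIN, 40001, B, 123, CLIENT), (B, 123, ADMIN, 40001, SERVER)]  # time sync
)

if __name__ == "__main__":
    for pair in find_mode7_loops(SAMPLE):
        print("possible mode 7 response loop between", pair)
```
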
A remote, unauthenticated attacker may be able to cause a denial-of-service condition on a vulnerable NTP server.
Apply an update
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Apple Inc. | Affected | 26 Oct 2009 | 27 Oct 2009 |
| Cisco Systems, Inc. | Affected | 26 Oct 2009 | 13 Dec 2009 |
| Debian GNU/Linux | Affected | 26 Oct 2009 | 08 Dec 2009 |
| Gentoo Linux | Affected | 26 Oct 2009 | 10 Dec 2009 |
| Meinberg Funkuhren GmbH & Co. KG | Affected | - | 16 Dec 2009 |
| QNX Software Systems Inc. | Affected | 26 Oct 2009 | 07 Dec 2009 |
| Red Hat, Inc. | Affected | 26 Oct 2009 | 08 Dec 2009 |
| Sun Microsystems, Inc. | Affected | 26 Oct 2009 | 22 Jan 2010 |
| The SCO Group | Affected | 26 Oct 2009 | 29 Oct 2009 |
| Ubuntu | Affected | 26 Oct 2009 | 09 Dec 2009 |
| Computer Associates | Not Affected | 26 Oct 2009 | 27 Apr 2010 |
| Extreme Networks | Not Affected | 26 Oct 2009 | 03 Feb 2010 |
| Force10 Networks, Inc. | Not Affected | 26 Oct 2009 | 22 Jul 2011 |
| Microsoft Corporation | Not Affected | 26 Oct 2009 | 05 Apr 2010 |
| PePLink | Not Affected | 26 Oct 2009 | 04 Dec 2009 |
Thanks to Harlan Stenn for reporting this vulnerability.
This document was written by Will Dormann, based on information provided by Harlan Stenn.
- CVE IDs: CVE-2009-3563
- Date Public: 08 Dec 2009
- Date First Published: 08 Dec 2009
- Date Last Updated: 22 Jul 2011
- Document Revision: 31