PublicDateAtUSN: 2009-12-08
Candidate: CVE-2009-3563
PublicDate: 2009-12-09 18:30:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563
 https://www.kb.cert.org/vuls/id/568372
 https://support.ntp.org/bugs/show_bug.cgi?id=1331
 https://ubuntu.com/security/notices/USN-867-1
Description:
 ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote
 attackers to cause a denial of service (CPU and bandwidth consumption) by
 using MODE_PRIVATE to send a spoofed (1) request or (2) response packet
 that triggers a continuous exchange of MODE_PRIVATE error responses between
 two NTP daemons.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: medium
Discovered-by: Robin Park and Dmitri Vinokurov
Assigned-to: jdstrand
CVSS: 

Patches_ntp:
upstream_ntp: released (4.2.4p8)
dapper_ntp: released (1:4.2.0a+stable-8.1ubuntu6.3)
hardy_ntp: released (1:4.2.4p4+dfsg-3ubuntu2.3)
intrepid_ntp: released (1:4.2.4p4+dfsg-6ubuntu2.4)
jaunty_ntp: released (1:4.2.4p4+dfsg-7ubuntu5.2)
karmic_ntp: released (1:4.2.4p6+dfsg-1ubuntu5.1)
devel_ntp: released (1:4.2.4p6+dfsg-2ubuntu3)