CVE-2009-3563

Publication date 8 December 2009

Last updated 24 July 2024

Ubuntu priority

ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
ntp	9.10 karmic	Fixed 1:4.2.4p6+dfsg-1ubuntu5.1
	9.04 jaunty	Fixed 1:4.2.4p4+dfsg-7ubuntu5.2
	8.10 intrepid	Fixed 1:4.2.4p4+dfsg-6ubuntu2.4
	8.04 LTS hardy	Fixed 1:4.2.4p4+dfsg-3ubuntu2.3
	6.06 LTS dapper	Fixed 1:4.2.0a+stable-8.1ubuntu6.3

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-867-1
Ntp vulnerability
8 December 2009

Other references

https://www.kb.cert.org/vuls/id/568372
https://support.ntp.org/bugs/show_bug.cgi?id=1331
https://www.cve.org/CVERecord?id=CVE-2009-3563