Package: ntp
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ntp.

CVE-2009-3563[0]:
| The topology used includes two nodes running ntp and an attacker's PC:
|
| PC---> [node1 ntpd1]:11.0.0.1 --------11.0.0.2:[node2 ntpd2]
|
| PC sends one crafted UDP packet with one byte payload 0x17, i.e. NTP Request in
| mode 7.
| This UDP packet has spoofed source IP of 11.0.0.2, destination = 11.0.0.1,
| source port 123 and destination port 123.
| Node1 responds with mode 7 Error Response to Node2, and here comes something we
| cannot conceive. Ntpd2 responds back with the same mode 7 Error Response to
| Node1, Ntpd1 does again the same, etc. with the aggregate rate of few thousand
| pps. CPU is taken away on both sides, network is busy...
| Better yet, if we spoof the Node1's address 11.0.0.1 as a source, Node1 sends
| all these packets to itself all the time! Endless.
| Payload "97 00 00 00" (Response mode 7) works too.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Upstream has release 4.2.4p8 to fix this issue.

For further information see:

[0] https://support.ntp.org/bugs/show_bug.cgi?id=1331
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563
    http://security-tracker.debian.org/tracker/CVE-2009-3563

-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
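
A detection check for the traffic pattern described in the report, as an added example that is not part of the original mail or of ntp's own code: it decodes the first byte of each datagram sent to port 123 and flags mode 7 packets that carry the response bit, come from source port 123, are self-addressed, or are shorter than the fixed mode 7 header. The `Datagram` record, the reason strings and the sample packets are constructed for illustration, and the source-port rule assumes legitimate ntpdc clients send from an ephemeral port.

```python
from dataclasses import dataclass

NTP_PORT = 123
MODE_PRIVATE = 7      # "mode 7" in the report
MODE7_HEADER_LEN = 8  # fixed mode 7 header size in bytes

@dataclass
class Datagram:       # hypothetical record, e.g. built from a capture or flow log
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes

def classify(d: Datagram) -> list:
    """Return the reasons a datagram matches the reported loop pattern."""
    if d.dport != NTP_PORT or not d.payload:
        return []
    first = d.payload[0]
    if first & 0x07 != MODE_PRIVATE:   # low three bits carry the mode
        return []
    reasons = []
    if first & 0x80:                   # top bit is the response flag (0x97)
        reasons.append("mode7-response-to-server")
    if d.sport == NTP_PORT:            # assumption: ntpdc uses an ephemeral port
        reasons.append("mode7-from-port-123")
    if d.src == d.dst:
        reasons.append("self-addressed")
    if len(d.payload) < MODE7_HEADER_LEN:
        reasons.append("short-header")
    return reasons

# Constructed sample datagrams (addresses and payloads follow the report's text).
SAMPLES = [
    Datagram("11.0.0.2", 123, "11.0.0.1", 123, b"\x17"),
    Datagram("11.0.0.1", 123, "11.0.0.1", 123, b"\x97\x00\x00\x00"),
    Datagram("11.0.0.9", 40000, "11.0.0.1", 123, b"\x17" + bytes(47)),  # ntpdc-like
    Datagram("11.0.0.2", 123, "11.0.0.1", 123, b"\x23" + bytes(47)),    # mode 3
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.src, "->", s.dst, s.payload[:4].hex(), classify(s))
```

The same bit tests translate directly into a packet-filter or IDS rule placed in front of hosts that cannot yet be upgraded to the fixed release.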