Check Point Advisories

Update Protection against Multiple Vendors NTP Mode 7 Denial of Service

Check Point Reference: CPAI-2010-103
Date Published: 25 Jan 2009
Severity: High
Last Updated: Friday 01 January, 2010
Source: Secunia Advisory: SA37629 
Industry Reference:CVE-2009-3563
Protection Provided by:
Who is Vulnerable? NTP.org NTP prior to 4.2.4p8
Vulnerability Description A denial of service vulnerability exists in the Network Time Protocol (NTP), a product shipped by many vendors. The vulnerability is due to incorrect handling of mode 7 (MODE_PRIVATE) requests. A remote unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted mode 7 request to a target NTP server. A successful attack can lead to a denial of service condition of the affected service.
Update/Patch AvaliableThe vendor, NTP.org, has released an advisory addressing this vulnerability:
https://lists.ntp.org/pipermail/announce/2009-December/000086.html
Vulnerability DetailsThe Network Time Protocol (NTP) is available with many major operating systems. ntpd is an implementation of an operating system daemon which sets and maintains the system's time of day information in synchronism with Internet standard time servers. A denial of service vulnerability exists in the way he ntpd daemon handles malformed Mode 7 NTP messages. An attacker can exploit this issue by sending a crafted NTP Mode 7 message. The vulnerability is triggered when the affected ntpd server processes the malicious message.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK