Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Network Time Protocol Package Remote Message Loop Denial of Service Vulnerability

Related Vulnerabilities: CVE-2009-3563  

The Network Time Protocol (NTP) package contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error in handling certain malformed messages. An unauthenticated, remote attacker could send a malicious NTP packet with a spoofed source IP address to a vulnerable host. Once the host processes the packet, it could send a similar packet to another NTP host. This action could start a message loop between both hosts that could cause them to consume excessive CPU resources and disk space writing messages to log files. These two conditions could cause a DoS condition on the affected hosts. Functional exploit code is available. NTP.org has confirmed this vulnerability in a changelog and released updated software. This vulnerability can be exploited in one of two ways. It can be used to attack a single system running NTP and cause it to send packets to itself. Alternatively, it could be used to target two systems running NTP. In this case, the two systems would rapidly send messages back and forth between each other, causing a DoS condition on each system as well as consuming network bandwidth to carry the messages.

Source

Summary

  • The Network Time Protocol (NTP) package contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

    The vulnerability is due to an error in handling certain malformed messages. An unauthenticated, remote attacker could send a malicious NTP packet with a spoofed source IP address to a vulnerable host. Once the host processes the packet, it could send a similar packet to another NTP host. This action could start a message loop between both hosts that could cause them to consume excessive CPU resources and disk space writing messages to log files. These two conditions could cause a DoS condition on the affected hosts.

    Functional exploit code is available.

    NTP.org has confirmed this vulnerability in a changelog and released updated software.



    This vulnerability can be exploited in one of two ways. It can be used to attack a single system running NTP and cause it to send packets to itself. Alternatively, it could be used to target two systems running NTP. In this case, the two systems would rapidly send messages back and forth between each other, causing a DoS condition on each system as well as consuming network bandwidth to carry the messages.

Affected Products

Workarounds

  • Administrators are advised to apply the appropriate updates.

    Administrators are advised to take measures against spoofing at the perimeter firewall.

    Administrators are advised to monitor affected systems.

Fixed Software

Exploitation and Public Announcements

  • The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Cisco Security Vulnerability Policy

  • To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

Action Links for This Advisory

URL

Revision History

  • VersionDescriptionSectionStatusDate
    19.0HP has released an additional security bulletin and updated software to address the Network Time Protocol package remote message loop denial of service vulnerability.NAFinal2013-Mar-28
    18.0HP has released an additional security bulletin and updated software to address the Network Time Protocol package remote message loop denial of service vulnerability.NAFinal2011-Apr-04
    17.0HP has released an additional security bulletin and updated software to address the Network Time Protocol package remote message loop denial of service vulnerability.NAFinal2010-Oct-06
    16.0VMware has re-released security advisories and provided updated software to address the Network Time Protocol package remote message loop denial of service vulnerability.NAFinal2010-Jun-28
    15.0VMware has released a security advisory and updated software to address the Network Time Protocol package remote message loop denial of service vulnerability.NAFinal2010-Jun-01
    14.0NetBSD has released a security advisory and updated packages to address the Network Time Protocol package remote message loop denial of service vulnerability.NAFinal2010-Apr-27
    13.0Sun has re-released an alert notification with updated software to address the Network Time Protocol package remote message loop denial of service vulnerability.NAFinal2010-Apr-14
    12.0HP has released a security bulletin and updated software to address the Network Time Protocol package remote message loop denial of service vulnerability.NAFinal2010-Mar-24
    11.0Sun has re-released an alert notification and updated software to address the Network Time Protocol package remote message loop denial of service vulnerability.NAFinal2010-Mar-12
    10.0VMware has released a security advisory and updated software to address the Network Time Protocol package remote message loop denial of service vulnerability.NAFinal2010-Mar-05
    9.0MontaVista Software has re-released a security alert and updated software to address the Network Time Protocol package remote message loop denial of service vulnerability. IBM has also released APARs to address this vulnerability.NAFinal2010-Mar-03
    8.0MontaVista Software has released a security alert and updated software to address the Network Time Protocol package remote message loop denial of service vulnerability.NAFinal2010-Feb-23
    7.0Sun has released an alert notification and Interim Security Relief software to address the Network Time Protocol package remote message loop denial of service vulnerability.NAFinal2010-Jan-15
    6.0FreeBSD has released a security advisory and updated packages to address the Network Time Protocol package remote message loop denial of service vulnerability.NAFinal2010-Jan-07
    5.0Nortel has released a security bulletin regarding updated software to address the Network Time Protocol package remote message loop denial of service vulnerability. CentOS has released additional updated packages to address the vulnerability.NAFinal2009-Dec-21
    4.0CentOS has re-released updated packages to address the Network Time Protocol package remote message loop denial of service vulnerability.NAFinal2009-Dec-15
    3.0 Cisco has confirmed that additional products are affected by the Network Time Protocol package remote message loop denial of service vulnerability and has issued a bug ID. Functional exploit code is also available.NAFinal2009-Dec-11
    2.0 CentOS has released updated packages to address the Network Time Protocol package remote message loop denial of service vulnerability.NAFinal2009-Dec-09
    1.0Network Time Protocol package contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition. Updates are available.NAFinal2009-Dec-08
    Show Complete History...

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started