Detections
Analytics

NTP ntpd Mode 7 Error Response Packet Loop Remote DoS

medium Nessus Plugin ID 43156

Language:

Synopsis

The remote network time service has a denial of service vulnerability.

Description

The version of ntpd running on the remote host has a denial of service vulnerability. It responds to mode 7 error packets with its own mode 7 error packets. A remote attacker could exploit this by sending a mode 7 error response with a spoofed IP header, setting the source and destination IP addresses to the IP address of the target. This would cause ntpd to respond to itself endlessly, consuming excessive amounts of CPU, resulting in a denial of service.

Solution

Upgrade to NTP 4.2.4p8 / 4.2.6 or later.

See Also

https://bugs.ntp.org/show_bug.cgi?id=1331

http://www.nessus.org/u?3a07ed05

Plugin Details

Severity: Medium

ID: 43156

File Name: ntpd_mode7_ping_pong_dos.nasl

Version: 1.15

Type: remote

Family: Misc.

Published: 12/14/2009

Updated: 7/16/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Information

Required KB Items: NTP/Running

Exploit Ease: No known exploits are available

Patch Publication Date: 12/8/2009

Vulnerability Publication Date: 11/4/2009

Reference Information

CVE: CVE-2009-3563

BID: 37255

CERT: 568372

Secunia: 37629