Update Protection against Multiple Vendors NTP Mode 7 Denial of Service
| Check Point Reference: | CPAI-2010-103 |
| Date Published: | |
| Severity: | |
| Source: | Secunia Advisory: SA37629 |
| Industry Reference(s): | CVE-2009-3563 |
| Protection Provided by: | IPS-1 |

Who is Vulnerable?
NTP.org NTP prior to 4.2.4p8

Vulnerability Description
A denial of service vulnerability exists in the Network Time Protocol (NTP), a product shipped by many vendors. The vulnerability is due to incorrect handling of mode 7 (MODE_PRIVATE) requests. A remote unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted mode 7 request to a target NTP server. A successful attack can lead to a denial of service condition of the affected service.

Update/Patch Available
The vendor, NTP.org, has released an advisory addressing this vulnerability: https://lists.ntp.org/pipermail/announce/2009-December/000086.html

Vulnerability Details
The Network Time Protocol (NTP) is available with many major operating systems. ntpd is an operating system daemon that sets and maintains the system's time of day in synchronism with Internet standard time servers. A denial of service vulnerability exists in the way the ntpd daemon handles malformed Mode 7 NTP messages. An attacker can exploit this issue by sending a crafted NTP Mode 7 message. The vulnerability is triggered when the affected ntpd server processes the malicious message.

Protection Overview
IPS-1 detects and blocks NTP MODE 7 request packets whose source and destination UDP ports are 123.
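
The rule stated in the Protection Overview can be approximated offline over captured UDP datagrams as shown here. This is an added example, not Check Point's IPS-1 signature: the function, field and sample names are hypothetical, the sample datagrams are constructed, and the `include_responses` switch is an assumption that goes beyond the rule as the page words it.

```python
import struct
from typing import NamedTuple, Optional

NTP_PORT = 123
MODE_PRIVATE = 7   # NTP mode 7 (MODE_PRIVATE)
RESP_BIT = 0x80    # in a mode 7 packet, the top bit of byte 0 marks a response

class Verdict(NamedTuple):
    src_port: int
    dst_port: int
    mode: int
    is_response: bool
    blocked: bool

def inspect_udp(datagram: bytes, include_responses: bool = False) -> Optional[Verdict]:
    """Classify one UDP datagram (8-byte UDP header followed by the payload).

    Returns None when there is no payload byte to read the NTP mode from.
    """
    if len(datagram) < 9:
        return None
    src, dst, length, _checksum = struct.unpack("!HHHH", datagram[:8])
    if length < 9 or length > len(datagram):
        return None  # UDP length field is inconsistent with the captured bytes
    first = datagram[8]
    mode = first & 0x07  # low three bits of byte 0 carry the mode
    is_response = mode == MODE_PRIVATE and bool(first & RESP_BIT)
    blocked = (src == NTP_PORT and dst == NTP_PORT and mode == MODE_PRIVATE
               and (include_responses or not is_response))
    return Verdict(src, dst, mode, is_response, blocked)

def _udp(src: int, dst: int, payload: bytes) -> bytes:
    """Build a UDP header (checksum left at 0) around a constructed payload."""
    return struct.pack("!HHHH", src, dst, 8 + len(payload), 0) + payload

# Constructed sample datagrams; only byte 0 of each payload is meaningful here.
SAMPLES = {
    "mode3_sync": _udp(123, 123, bytes([0x23]) + bytes(47)),
    "mode7_ephemeral": _udp(40000, 123, bytes([0x17]) + bytes(7)),
    "mode7_both_123": _udp(123, 123, bytes([0x17]) + bytes(7)),
    "mode7_resp_123": _udp(123, 123, bytes([0x97]) + bytes(7)),
}

if __name__ == "__main__":
    for name, dgram in SAMPLES.items():
        print(name, inspect_udp(dgram))
```

Ordinary time synchronisation (mode 3) between two hosts on port 123 passes, as does a mode 7 query from an ephemeral source port; only mode 7 traffic with both ports set to 123 is flagged.
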
To configure the defense, select your product from the list below and follow the related protection steps.