Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Network Time Protocol Package Remote Message Loop Denial of Service Vulnerability

Cisco-SA-20091208-CVE-2009-3563 · Medium · Published · Updated

The Network Time Protocol (NTP) package contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error in handling certain malformed messages.

An unauthenticated, remote attacker could send a malicious NTP packet with a spoofed source IP address to a vulnerable host. Once the host processes the packet, it could send a similar packet to another NTP host. This action could start a message loop between both hosts that could cause them to consume excessive CPU resources and disk space writing messages to log files. These two conditions could cause a DoS condition on the affected hosts.

Functional exploit code is available. NTP.org has confirmed this vulnerability in a changelog and released updated software.

This vulnerability can be exploited in one of two ways. It can be used to attack a single system running NTP and cause it to send packets to itself. Alternatively, it could be used to target two systems running NTP. In this case, the two systems would rapidly send messages back and forth between each other, causing a DoS condition on each system as well as consuming network bandwidth to carry the messages.


Workarounds

Administrators are advised to apply the appropriate updates.
Administrators are advised to take measures against spoofing at the perimeter firewall.

Administrators are advised to monitor affected systems.
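
For the monitoring step, one way to spot the message loop described above in flow records. This is an added example, not part of the Cisco advisory; the record layout, the window and the packet threshold are assumptions, as is the premise that both daemons talk from UDP port 123 to UDP port 123, and the sample records are constructed.

```python
from collections import defaultdict

NTP_PORT = 123            # UDP port used by NTP
WINDOW_SECONDS = 1.0      # assumed observation window
MAX_PKTS_PER_WINDOW = 20  # assumed threshold; ordinary NTP polling is far below it

def find_ntp_loops(records, window=WINDOW_SECONDS, limit=MAX_PKTS_PER_WINDOW):
    """records: iterable of (timestamp, src_ip, src_port, dst_ip, dst_port).
    Returns one finding per host pair whose NTP traffic looks like a loop."""
    # (host pair, window index) -> direction (src, dst) -> packet count
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, src, sport, dst, dport in records:
        # Assumption: a daemon-to-daemon loop runs from port 123 to port 123.
        if sport != NTP_PORT or dport != NTP_PORT:
            continue
        pair = tuple(sorted((src, dst)))
        buckets[(pair, int(ts // window))][(src, dst)] += 1
    findings = {}
    for (pair, _), directions in buckets.items():
        total = sum(directions.values())
        self_loop = pair[0] == pair[1]     # a host sending packets to itself
        both_ways = len(directions) == 2   # two hosts answering each other
        if total > limit and (self_loop or both_ways):
            kind = "self-loop" if self_loop else "two-host loop"
            if pair not in findings or total > findings[pair]["peak"]:
                findings[pair] = {"hosts": pair, "kind": kind, "peak": total}
    return sorted(findings.values(), key=lambda f: f["hosts"])

def sample_records():
    """Constructed flow records (documentation addresses), not captured traffic."""
    recs = []
    for i in range(60):   # two daemons answering each other every 5 ms
        a, b = ("192.0.2.10", "192.0.2.20") if i % 2 == 0 else ("192.0.2.20", "192.0.2.10")
        recs.append((100.0 + i * 0.005, a, 123, b, 123))
    for i in range(40):   # one daemon answering itself
        recs.append((200.0 + i * 0.005, "192.0.2.30", 123, "192.0.2.30", 123))
    # Ordinary symmetric peering: a single exchange stays under the threshold.
    recs.append((300.0, "192.0.2.40", 123, "192.0.2.50", 123))
    recs.append((300.02, "192.0.2.50", 123, "192.0.2.40", 123))
    # Ordinary client query from an ephemeral port is ignored.
    recs.append((301.0, "192.0.2.60", 45000, "192.0.2.10", 123))
    return recs

if __name__ == "__main__":
    for finding in find_ntp_loops(sample_records()):
        print(finding)
```

The threshold needs tuning against the normal polling rate of the monitored hosts before the output is used for alerting.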

CVEs: CVE-2009-3563
Cisco Bug IDs: NA
CVSS Score: Base 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C/CDP:N/TD:N/CR:ND/IR:ND/AR:ND
Product Names From Source
Cisco Wide Area Application Services (WAAS), Cisco TelePresence, Cisco NX-OS Software, Cisco ACE XML Gateway Software, Cisco Unified Communications Manager, Cisco Digital Media Player Software, Cisco MeetingPlace Server, Cisco IP Interoperability and Communications System (IPICS), Cisco MXE 3500 (Media Experience Engine)

Related Products

| Product | CVE | Evidence |
| --- | --- | --- |
| Cisco Wide Area Application Services (WAAS) | CVE-2009-3563 | Cisco OpenVuln |
| Cisco Unified Communications Manager | CVE-2009-3563 | Cisco OpenVuln |
| Cisco TelePresence | CVE-2009-3563 | Cisco OpenVuln |
| Cisco NX-OS Software | CVE-2009-3563 | Cisco OpenVuln |
| Cisco MeetingPlace Server | CVE-2009-3563 | Cisco OpenVuln |
| Cisco MXE 3500 (Media Experience Engine) | CVE-2009-3563 | Cisco OpenVuln |
| Cisco IP Interoperability and Communications System (IPICS) | CVE-2009-3563 | Cisco OpenVuln |
| Cisco Digital Media Player Software | CVE-2009-3563 | Cisco OpenVuln |
| Cisco ACE XML Gateway Software | CVE-2009-3563 | Cisco OpenVuln |