NTP BUG 1331: DoS attack from certain NTP mode 7 packets

Last update: January 15, 2024 18:03 UTC (83e32bc41)


Resolved 4.2.4p8
08 December 2009
References Bug 1331 CVE-2009-3563
Affects All releases from xntp2 (1989) (possibly earlier) through 4.2.4 before 4.2.4p8 and all versions of 4.2.5. Resolved in 4.2.4p8 and 4.2.6.
CVSS2 Score 6.4 AV:N/AC:L/Au:N/C:N/I:P/A:P


NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control utility. In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while routine NTP time transfers use modes 1 through 5. Upon receipt of an incorrect mode 7 request or a mode 7 error response from an address which is not listed in a restrict ... noquery or restrict ... ignore statement, ntpd will reply with a mode 7 error response (and log a message). In this case:



This vulnerability was discovered by Robin Park and Dmitri Vinokurov of Alcatel-Lucent.