Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2009-3563 (GCVE-0-2009-3563)
Vulnerability from cvelistv5 – Published: 2009-12-09 00:00 – Updated: 2024-08-07 06:31
VLAI
EPSS
Summary
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
45 references
Date Public
2009-12-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#568372",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/568372"
},
{
"name": "38832",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/38832"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"name": "oval:org.mitre.oval:def:11225",
"tags": [
"vdb-entry",
"signature",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225"
},
{
"tags": [
"x_transferred"
],
"url": "http://support.avaya.com/css/P8/documents/100071808"
},
{
"name": "38794",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "FEDORA-2009-13121",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213"
},
{
"name": "38764",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/38764"
},
{
"tags": [
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J"
},
{
"name": "oval:org.mitre.oval:def:19376",
"tags": [
"vdb-entry",
"signature",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376"
},
{
"name": "37255",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37255"
},
{
"name": "SSRT101144",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
},
{
"name": "39593",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/39593"
},
{
"name": "IZ71047",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047"
},
{
"name": "ADV-2010-0993",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0993"
},
{
"name": "DSA-1948",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1948"
},
{
"tags": [
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074"
},
{
"tags": [
"x_transferred"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc"
},
{
"name": "HPSBUX02639",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2"
},
{
"name": "1021781",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1"
},
{
"name": "IZ68659",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659"
},
{
"name": "SSRT100293",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.ntp.org/bugs/show_bug.cgi?id=1331"
},
{
"name": "oval:org.mitre.oval:def:7076",
"tags": [
"vdb-entry",
"signature",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076"
},
{
"name": "37922",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/37922"
},
{
"name": "NetBSD-SA2010-005",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc"
},
{
"name": "38834",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/38834"
},
{
"name": "FEDORA-2009-13090",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://security-tracker.debian.org/tracker/CVE-2009-3563"
},
{
"name": "1023298",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023298"
},
{
"name": "oval:org.mitre.oval:def:12141",
"tags": [
"vdb-entry",
"signature",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141"
},
{
"name": "RHSA-2009:1651",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1651.html"
},
{
"name": "37629",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/37629"
},
{
"name": "RHSA-2010:0095",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
},
{
"name": "HPSBUX02859",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
},
{
"name": "[announce] 20091208 NTP 4.2.4p8 Released",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.ntp.org/pipermail/announce/2009-December/000086.html"
},
{
"name": "ADV-2010-0510",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0510"
},
{
"name": "RHSA-2009:1648",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1648.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7"
},
{
"name": "ADV-2010-0528",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"name": "VU#417980",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/417980"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-19T21:06:04.060Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#568372",
"tags": [
"third-party-advisory"
],
"url": "http://www.kb.cert.org/vuls/id/568372"
},
{
"name": "38832",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/38832"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"name": "oval:org.mitre.oval:def:11225",
"tags": [
"vdb-entry",
"signature"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225"
},
{
"url": "http://support.avaya.com/css/P8/documents/100071808"
},
{
"name": "38794",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"tags": [
"mailing-list"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "FEDORA-2009-13121",
"tags": [
"vendor-advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213"
},
{
"name": "38764",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/38764"
},
{
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode"
},
{
"url": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J"
},
{
"name": "oval:org.mitre.oval:def:19376",
"tags": [
"vdb-entry",
"signature"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376"
},
{
"name": "37255",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/37255"
},
{
"name": "SSRT101144",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
},
{
"name": "39593",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/39593"
},
{
"name": "IZ71047",
"tags": [
"vendor-advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047"
},
{
"name": "ADV-2010-0993",
"tags": [
"vdb-entry"
],
"url": "http://www.vupen.com/english/advisories/2010/0993"
},
{
"name": "DSA-1948",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2009/dsa-1948"
},
{
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074"
},
{
"url": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc"
},
{
"name": "HPSBUX02639",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2"
},
{
"name": "1021781",
"tags": [
"vendor-advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1"
},
{
"name": "IZ68659",
"tags": [
"vendor-advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659"
},
{
"name": "SSRT100293",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2"
},
{
"url": "https://support.ntp.org/bugs/show_bug.cgi?id=1331"
},
{
"name": "oval:org.mitre.oval:def:7076",
"tags": [
"vdb-entry",
"signature"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076"
},
{
"name": "37922",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/37922"
},
{
"name": "NetBSD-SA2010-005",
"tags": [
"vendor-advisory"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc"
},
{
"name": "38834",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/38834"
},
{
"name": "FEDORA-2009-13090",
"tags": [
"vendor-advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html"
},
{
"url": "http://security-tracker.debian.org/tracker/CVE-2009-3563"
},
{
"name": "1023298",
"tags": [
"vdb-entry"
],
"url": "http://securitytracker.com/id?1023298"
},
{
"name": "oval:org.mitre.oval:def:12141",
"tags": [
"vdb-entry",
"signature"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141"
},
{
"name": "RHSA-2009:1651",
"tags": [
"vendor-advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1651.html"
},
{
"name": "37629",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/37629"
},
{
"name": "RHSA-2010:0095",
"tags": [
"vendor-advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
},
{
"name": "HPSBUX02859",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
},
{
"name": "[announce] 20091208 NTP 4.2.4p8 Released",
"tags": [
"mailing-list"
],
"url": "https://lists.ntp.org/pipermail/announce/2009-December/000086.html"
},
{
"name": "ADV-2010-0510",
"tags": [
"vdb-entry"
],
"url": "http://www.vupen.com/english/advisories/2010/0510"
},
{
"name": "RHSA-2009:1648",
"tags": [
"vendor-advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1648.html"
},
{
"url": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7"
},
{
"name": "ADV-2010-0528",
"tags": [
"vdb-entry"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"name": "VU#417980",
"tags": [
"third-party-advisory"
],
"url": "https://www.kb.cert.org/vuls/id/417980"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3563",
"datePublished": "2009-12-09T00:00:00.000Z",
"dateReserved": "2009-10-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:31:10.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2009-3563",
"date": "2026-05-29",
"epss": "0.81107",
"percentile": "0.9918"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2009-3563\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-12-09T18:30:00.390\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.\"},{\"lang\":\"es\",\"value\":\"ntp_request.c en ntpd en NTP anterior v4.2.4p8, y v4.2.5, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de CPU y ancho de banda) por uso de MODE_PRIVATE para enviar una suplantaci\u00f3n de (1) petici\u00f3n o (2) paquete respueta lo que lanza continuo intercambio de errores de respuesta MODE_PRIVATE entre dos demonios NTP.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:P\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.2.2p4\",\"matchCriteriaId\":\"73B1FD64-D156-45BC-9713-77E163DF731C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.0.72:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25AB2D70-2807-4970-ACD3-9B4751A1F9D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.0.73:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06C78C19-5A09-4883-8144-AE861A244FEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.0.90:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"437C8BA8-F437-4166-838D-EDC64E7A67DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.0.91:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"104AEC97-3C2A-48D2-BA63-08502F88F8D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.0.92:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87D67E30-E303-4F79-9929-4A5B587FCDB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.0.93:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9BD95B5-322C-4CDC-A2DB-A06D4DA3B104\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.0.94:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BD63969-D18D-41AF-9814-DA1A207BDE80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.0.95:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EAD8958-173A-4FCC-9420-A148BA5F73E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.0.96:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B271F6AD-D829-4671-8FA7-7D921364B426\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.0.97:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C25E03A8-46B5-4AC7-8506-4C255D7CC400\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.0.98:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C76CD53-CC9F-491A-952F-9A82D6E20058\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.0.99:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E749D64E-5C47-4A34-9F3C-1D34F8348058\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE0C9CBB-D52F-4F7C-B343-E685A3996BC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB90A3FB-B107-46CF-A846-48EE0EDF637A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"088BFFA4-1AAB-4699-9793-F731A81B296A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3475779-383A-4128-9145-474EC08030FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.2p1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"782BAA3D-A639-4B25-83F0-741074C88D7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.2p2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF367FA4-2C7F-4040-89DE-8A97A069A802\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.2p3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01D11498-3FC4-4890-9B10-BBA74A01C9E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35C2B888-66D6-45D3-97E3-C711B1C6971A\"}]}]}],\"references\":[{\"url\":\"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.vmware.com/pipermail/security-announce/2010/000082.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/37629\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/37922\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/38764\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/38794\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/38832\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/38834\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/39593\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security-tracker.debian.org/tracker/CVE-2009-3563\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1023298\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.avaya.com/css/P8/documents/100071808\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2009/dsa-1948\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/568372\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/MAPG-7X7V6J\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/MAPG-7X7VD7\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/37255\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0510\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0528\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0993\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=531213\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.ntp.org/pipermail/announce/2009-December/000086.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2009-1648.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2009-1651.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0095.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.ntp.org/bugs/show_bug.cgi?id=1331\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.kb.cert.org/vuls/id/417980\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.vmware.com/pipermail/security-announce/2010/000082.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/37629\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/37922\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38764\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38794\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38832\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38834\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/39593\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security-tracker.debian.org/tracker/CVE-2009-3563\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1023298\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.avaya.com/css/P8/documents/100071808\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2009/dsa-1948\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/568372\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/MAPG-7X7V6J\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/MAPG-7X7VD7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/37255\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0510\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0528\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0993\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=531213\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.ntp.org/pipermail/announce/2009-December/000086.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2009-1648.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2009-1651.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0095.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.ntp.org/bugs/show_bug.cgi?id=1331\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.kb.cert.org/vuls/id/417980\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTA-2010-AVI-002
Vulnerability from certfr_avis - Published: 2010-01-07 - Updated: 2010-10-06
Une vulnérabilité dans NTPD permet à un utilisateur d'effectuer un déni de service à distance.
Description
Une vulnérabilité dans NTPD permet à un utilisateur d'effectuer un déni de service à distance en envoyant un paquet UDP spécialement construit.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NTPD versions ant\u00e9rieures \u00e0 4.2.4p8 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "NTPD versions ant\u00e9rieures \u00e0 4.2.6.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans NTPD permet \u00e0 un utilisateur d\u0027effectuer un d\u00e9ni\nde service \u00e0 distance en envoyant un paquet UDP sp\u00e9cialement construit.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-3563",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
}
],
"initial_release_date": "2010-01-07T00:00:00",
"last_revision_date": "2010-10-06T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 HP #c01961959 du 23 mars 2010 :",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document/.jsp?objectID=c01961959"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 HP Tru64 UNIX c01961950 du 04 octobre 2010 :",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01961950"
}
],
"reference": "CERTA-2010-AVI-002",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-01-07T00:00:00.000000"
},
{
"description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 HP.",
"revision_date": "2010-03-26T00:00:00.000000"
},
{
"description": "Ajout du bulletin de s\u00e9curit\u00e9 HP Tru64 UNIX.",
"revision_date": "2010-10-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans NTPD permet \u00e0 un utilisateur d\u0027effectuer un d\u00e9ni\nde service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans NTPD",
"vendor_advisories": [
{
"published_at": null,
"title": "Rapport de bogue #1331 de NTP du 31 d\u00e9cembre 2009",
"url": "http://support.ntp.org/bugs/show_bug.cgi?id=1331"
}
]
}
CERTA-2010-AVI-106
Vulnerability from certfr_avis - Published: 2010-03-04 - Updated: 2010-03-04
Plusieurs vulnérabilités découvertes dans les produits VMware peuvent être exploitées à distance par un utilisateur malintentionné afin de compromettre le système ou d'entraver son bon fonctionnement.
Description
Les vulnérabilités présentes dans les produits VMware peuvent être exploitées afin de porter atteinte à l'intégrité et à la confidentialité des données, de réaliser un déni de service, d'injecter et d'exécuter indirectement du code arbitraire, d'élever ses privilèges ou d'exécuter du code arbitraire.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware vMA 4.0 sans le patch 3.",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESX 3.0.3 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESX 3.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESX 2.5.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESX 4.0 sans les patchs SX400-201002404-SG, SX400-201002406-SG, SX400-201002407-SG ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nLes vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits VMware peuvent \u00eatre\nexploit\u00e9es afin de porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 et \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, de r\u00e9aliser un d\u00e9ni de service, d\u0027injecter et d\u0027ex\u00e9cuter\nindirectement du code arbitraire, d\u0027\u00e9lever ses privil\u00e8ges ou d\u0027ex\u00e9cuter\ndu code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-2905",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2905"
},
{
"name": "CVE-2009-1387",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1387"
},
{
"name": "CVE-2009-3560",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3560"
},
{
"name": "CVE-2009-2849",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2849"
},
{
"name": "CVE-2009-3916",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3916"
},
{
"name": "CVE-2009-0115",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0115"
},
{
"name": "CVE-2009-1379",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1379"
},
{
"name": "CVE-2009-3613",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3613"
},
{
"name": "CVE-2009-4022",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4022"
},
{
"name": "CVE-2009-3563",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
},
{
"name": "CVE-2009-3620",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3620"
},
{
"name": "CVE-2009-1189",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1189"
},
{
"name": "CVE-2009-3228",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3228"
},
{
"name": "CVE-2009-3547",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3547"
},
{
"name": "CVE-2009-2695",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2695"
},
{
"name": "CVE-2008-4316",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4316"
},
{
"name": "CVE-2009-1378",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1378"
},
{
"name": "CVE-2008-3916",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3916"
},
{
"name": "CVE-2009-1386",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1386"
},
{
"name": "CVE-2009-1377",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1377"
},
{
"name": "CVE-2009-0590",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
},
{
"name": "CVE-2009-3286",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3286"
},
{
"name": "CVE-2008-4552",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4552"
},
{
"name": "CVE-2009-3612",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3612"
},
{
"name": "CVE-2009-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3621"
},
{
"name": "CVE-2009-3720",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3720"
},
{
"name": "CVE-2009-2904",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2904"
},
{
"name": "CVE-2009-2908",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2908"
},
{
"name": "CVE-2009-3726",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3726"
}
],
"initial_release_date": "2010-03-04T00:00:00",
"last_revision_date": "2010-03-04T00:00:00",
"links": [],
"reference": "CERTA-2010-AVI-106",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-03-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans les produits VMware peuvent\n\u00eatre exploit\u00e9es \u00e0 distance par un utilisateur malintentionn\u00e9 afin de\ncompromettre le syst\u00e8me ou d\u0027entraver son bon fonctionnement.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware du 03 mars 2010",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
}
]
}
CERTFR-2014-AVI-480
Vulnerability from certfr_avis - Published: 2014-11-13 - Updated: 2014-11-13
De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | CTPOS versions antérieures à 6.6R2 | ||
| ESET | Security | Juniper Security Threat Response Manager versions 2012.1, 2013.1, 2013.2 | ||
| Juniper Networks | N/A | CTPView versions 4.2, 4.3, 4.4, 4.5, 4.6 | ||
| Juniper Networks | Junos Space | Junos Space jusqu'à la version 13.3 | ||
| Juniper Networks | Secure Analytics | Juniper Secure Analytics versions 2013.2, 2014.1, 2014.2 | ||
| ESET | Security | Network and Security Manager (NSM) version 2012.2 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CTPOS versions ant\u00e9rieures \u00e0 6.6R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Security Threat Response Manager versions 2012.1, 2013.1, 2013.2",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "CTPView versions 4.2, 4.3, 4.4, 4.5, 4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space jusqu\u0027\u00e0 la version 13.3",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Secure Analytics versions 2013.2, 2014.1, 2014.2",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Network and Security Manager (NSM) version 2012.2",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-3158",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3158"
},
{
"name": "CVE-2010-3853",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3853"
},
{
"name": "CVE-2014-0075",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0075"
},
{
"name": "CVE-2010-3081",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3081"
},
{
"name": "CVE-2012-0789",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0789"
},
{
"name": "CVE-2012-2329",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2329"
},
{
"name": "CVE-2014-0460",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0460"
},
{
"name": "CVE-2011-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
},
{
"name": "CVE-2011-0421",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0421"
},
{
"name": "CVE-2012-0781",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0781"
},
{
"name": "CVE-2014-4827",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4827"
},
{
"name": "CVE-2013-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1635"
},
{
"name": "CVE-2011-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
},
{
"name": "CVE-2013-1620",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1620"
},
{
"name": "CVE-2014-0119",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0119"
},
{
"name": "CVE-2012-2110",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
},
{
"name": "CVE-2014-7186",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7186"
},
{
"name": "CVE-2009-2416",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
},
{
"name": "CVE-2012-0788",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0788"
},
{
"name": "CVE-2010-4755",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4755"
},
{
"name": "CVE-2013-1775",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1775"
},
{
"name": "CVE-2009-5029",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
},
{
"name": "CVE-2011-1153",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1153"
},
{
"name": "CVE-2009-3563",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
},
{
"name": "CVE-2014-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0411"
},
{
"name": "CVE-2013-1643",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1643"
},
{
"name": "CVE-2013-0791",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0791"
},
{
"name": "CVE-2010-1646",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1646"
},
{
"name": "CVE-2014-7169",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7169"
},
{
"name": "CVE-2011-1944",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
},
{
"name": "CVE-2014-0099",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
},
{
"name": "CVE-2011-0010",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0010"
},
{
"name": "CVE-2011-1398",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1398"
},
{
"name": "CVE-2011-2834",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
},
{
"name": "CVE-2014-4825",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4825"
},
{
"name": "CVE-2010-4707",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4707"
},
{
"name": "CVE-2012-0882",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0882"
},
{
"name": "CVE-2009-0159",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0159"
},
{
"name": "CVE-2014-0453",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0453"
},
{
"name": "CVE-2011-0708",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0708"
},
{
"name": "CVE-2014-6271",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6271"
},
{
"name": "CVE-2014-6277",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6277"
},
{
"name": "CVE-2014-1568",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1568"
},
{
"name": "CVE-2010-0830",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
},
{
"name": "CVE-2010-0426",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0426"
},
{
"name": "CVE-2014-0423",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0423"
},
{
"name": "CVE-2012-2311",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2311"
},
{
"name": "CVE-2014-0224",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0224"
},
{
"name": "CVE-2014-4830",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4830"
},
{
"name": "CVE-2011-3368",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3368"
},
{
"name": "CVE-2014-2532",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2532"
},
{
"name": "CVE-2014-4828",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4828"
},
{
"name": "CVE-2014-0095",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0095"
},
{
"name": "CVE-2010-0427",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0427"
},
{
"name": "CVE-2014-3470",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3470"
},
{
"name": "CVE-2014-3062",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3062"
},
{
"name": "CVE-2012-0831",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0831"
},
{
"name": "CVE-2009-2414",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
},
{
"name": "CVE-2012-0057",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0057"
},
{
"name": "CVE-2014-7187",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7187"
},
{
"name": "CVE-2010-2956",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2956"
},
{
"name": "CVE-2011-3905",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3905"
},
{
"name": "CVE-2014-4833",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4833"
},
{
"name": "CVE-2011-4566",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4566"
},
{
"name": "CVE-2014-0837",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0837"
},
{
"name": "CVE-2010-4008",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
},
{
"name": "CVE-2014-6278",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6278"
},
{
"name": "CVE-2012-1172",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1172"
},
{
"name": "CVE-2014-0076",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0076"
},
{
"name": "CVE-2010-1163",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1163"
},
{
"name": "CVE-2011-4317",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4317"
},
{
"name": "CVE-2011-4885",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4885"
},
{
"name": "CVE-2010-5107",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-5107"
},
{
"name": "CVE-2009-1265",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1265"
},
{
"name": "CVE-2010-3316",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3316"
},
{
"name": "CVE-2012-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3510"
},
{
"name": "CVE-2011-5000",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-5000"
},
{
"name": "CVE-2010-3435",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3435"
},
{
"name": "CVE-2011-3919",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
},
{
"name": "CVE-2012-2337",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2337"
},
{
"name": "CVE-2011-1089",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
},
{
"name": "CVE-2014-0096",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
},
{
"name": "CVE-2013-5908",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5908"
},
{
"name": "CVE-2014-3091",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3091"
},
{
"name": "CVE-2012-2131",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2131"
}
],
"initial_release_date": "2014-11-13T00:00:00",
"last_revision_date": "2014-11-13T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-480",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-11-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une\nex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10661 du 11 novembre 2014",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10661"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10657 du 11 novembre 2014",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10657"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10658 du 11 novembre 2014",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10658"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10659 du 11 novembre 2014",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10659"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10660 du 11 novembre 2014",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10660"
}
]
}
CERTFR-2015-AVI-146
Vulnerability from certfr_avis - Published: 2015-04-13 - Updated: 2015-04-13
De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Juniper NSM versions antérieures à 2012.2R12 | ||
| Juniper Networks | Junos OS | Juniper Junos OS versions antérieures à 12.3R9 | ||
| Juniper Networks | N/A | Juniper CTPOS versions antérieures à 6.6R5 | ||
| Juniper Networks | Junos OS | Juniper Junos OS versions antérieures à 12.2X50-D70 | ||
| Juniper Networks | Junos OS | Juniper Junos OS versions antérieures à 11.4R12 | ||
| Juniper Networks | Junos OS | Juniper Junos OS versions antérieures à 13.2X51-D30 | ||
| Juniper Networks | Junos OS | Juniper Junos OS versions antérieures à 12.3R7 | ||
| Juniper Networks | N/A | Juniper NSM versions antérieures à 2012.2R11 | ||
| Juniper Networks | Junos OS | Juniper Junos OS versions antérieures à 12.3R10 | ||
| Juniper Networks | Junos OS | Juniper Junos OS versions antérieures à 13.2R6 | ||
| Juniper Networks | N/A | Juniper CTPView versions antérieures à 7.1R1 | ||
| Juniper Networks | Junos OS | Juniper Junos OS versions antérieures à 13.3R6 | ||
| Juniper Networks | Junos OS | Juniper Junos OS versions antérieures à 14.2R1 | ||
| Juniper Networks | Junos OS | Juniper Junos OS versions antérieures à 12.3X48-D10 | ||
| Juniper Networks | N/A | Juniper CTPOS versions antérieures à 7.0R4 | ||
| Juniper Networks | Junos OS | Juniper Junos OS versions antérieures à 14.1X53-D10 | ||
| Juniper Networks | Junos OS | Juniper Junos OS versions antérieures à 12.1X46-D35 | ||
| Juniper Networks | Junos OS | Juniper Junos OS versions antérieures à 12.1X47-D25 | ||
| Juniper Networks | Junos OS | Juniper Junos OS versions antérieures à 14.1R5 | ||
| Juniper Networks | N/A | Juniper CTPOS versions antérieures à 7.1R1 | ||
| Juniper Networks | Junos OS | Juniper Junos OS versions antérieures à 12.1X44-D50 | ||
| Juniper Networks | Junos OS | Juniper Junos OS versions antérieures à 13.3R5 | ||
| Juniper Networks | Junos OS | Juniper Junos OS versions antérieures à 13.2X52-D15 | ||
| Juniper Networks | Junos OS | Juniper Junos OS versions antérieures à 14.1R3 | ||
| Juniper Networks | Junos OS | Juniper Junos OS versions antérieures à 14.2R3 | ||
| Juniper Networks | Junos OS | Juniper Junos OS versions antérieures à 13.2R8 | ||
| Juniper Networks | Junos OS | Juniper Junos OS versions antérieures à 12.2R9 | ||
| Juniper Networks | Junos OS | Juniper Junos OS versions antérieures à 13.1X50-D30 | ||
| Juniper Networks | N/A | Juniper IDP OS versions antérieures à 5.1r4 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper NSM versions ant\u00e9rieures \u00e0 2012.2R12",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.3R9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper CTPOS versions ant\u00e9rieures \u00e0 6.6R5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.2X50-D70",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 11.4R12",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 13.2X51-D30",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.3R7",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper NSM versions ant\u00e9rieures \u00e0 2012.2R11",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.3R10",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 13.2R6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper CTPView versions ant\u00e9rieures \u00e0 7.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 13.3R6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 14.2R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.3X48-D10",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper CTPOS versions ant\u00e9rieures \u00e0 7.0R4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D10",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.1X46-D35",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.1X47-D25",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 14.1R5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper CTPOS versions ant\u00e9rieures \u00e0 7.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.1X44-D50",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 13.3R5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 13.2X52-D15",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 14.1R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 14.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 13.2R8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.2R9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 13.1X50-D30",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper IDP OS versions ant\u00e9rieures \u00e0 5.1r4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-0208",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0208"
},
{
"name": "CVE-2015-0292",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0292"
},
{
"name": "CVE-2014-3571",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3571"
},
{
"name": "CVE-2015-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0286"
},
{
"name": "CVE-2015-3002",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3002"
},
{
"name": "CVE-2014-3570",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3570"
},
{
"name": "CVE-2015-3004",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3004"
},
{
"name": "CVE-2009-3563",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
},
{
"name": "CVE-2015-0288",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0288"
},
{
"name": "CVE-2015-0206",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0206"
},
{
"name": "CVE-2015-0290",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0290"
},
{
"name": "CVE-2014-6271",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6271"
},
{
"name": "CVE-2012-5195",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5195"
},
{
"name": "CVE-2011-0539",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0539"
},
{
"name": "CVE-2015-0207",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0207"
},
{
"name": "CVE-2010-4478",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4478"
},
{
"name": "CVE-2015-0285",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0285"
},
{
"name": "CVE-2014-4478",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4478"
},
{
"name": "CVE-2015-3003",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3003"
},
{
"name": "CVE-2012-0814",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0814"
},
{
"name": "CVE-2015-0204",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0204"
},
{
"name": "CVE-2015-0293",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0293"
},
{
"name": "CVE-2015-0287",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0287"
},
{
"name": "CVE-2015-1787",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1787"
},
{
"name": "CVE-2014-8275",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8275"
},
{
"name": "CVE-2015-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0205"
},
{
"name": "CVE-2015-0209",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0209"
},
{
"name": "CVE-2015-0291",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0291"
},
{
"name": "CVE-2015-0289",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0289"
},
{
"name": "CVE-2014-3572",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3572"
},
{
"name": "CVE-2014-3569",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3569"
},
{
"name": "CVE-2015-3005",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3005"
},
{
"name": "CVE-2014-8500",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8500"
},
{
"name": "CVE-2012-2131",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2131"
},
{
"name": "CVE-2015-3006",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3006"
}
],
"initial_release_date": "2015-04-13T00:00:00",
"last_revision_date": "2015-04-13T00:00:00",
"links": [],
"reference": "CERTFR-2015-AVI-146",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-04-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10679 du 07 avril 2015",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10676 du 07 avril 2015",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10676"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10673 du 07 avril 2015",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10672 du 07 avril 2015",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10672"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10680 du 07 avril 2015",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10680"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10677 du 07 avril 2015",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10677"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10678 du 07 avril 2015",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10678"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10675 du 07 avril 2015",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10675"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10674 du 07 avril 2015",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10674"
}
]
}
CERTFR-2023-AVI-0553
Vulnerability from certfr_avis - Published: 2023-07-17 - Updated: 2023-07-17
Une vulnérabilité a été découverte dans les commutateurs Moxa. Elle permet à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Moxa | N/A | séries PT-7728 versions 3.8 et antérieures sans le dernier correctif de sécurité | ||
| Moxa | N/A | séries PT-G7828 versions 6.2 et antérieures sans le dernier correctif de sécurité | ||
| Moxa | N/A | séries PT-7828 versions 3.9 et antérieures sans le dernier correctif de sécurité | ||
| Moxa | N/A | séries PT-508 versions 3.8 et antérieures sans le dernier correctif de sécurité | ||
| Moxa | N/A | séries MDS-G4012 versions 1.2 et antérieures sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "s\u00e9ries PT-7728 versions 3.8 et ant\u00e9rieures sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "s\u00e9ries PT-G7828 versions 6.2 et ant\u00e9rieures sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "s\u00e9ries PT-7828 versions 3.9 et ant\u00e9rieures sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "s\u00e9ries PT-508 versions 3.8 et ant\u00e9rieures sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "s\u00e9ries MDS-G4012 versions 1.2 et ant\u00e9rieures sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-3563",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
}
],
"initial_release_date": "2023-07-17T00:00:00",
"last_revision_date": "2023-07-17T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0553",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-07-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les commutateurs Moxa. Elle\npermet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les commutateurs Moxa",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moxa MPSA-230307 du 13 juillet 2023",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230307-multiple-switch-series-affected-by-ntp-denial-of-service-vulnerability"
}
]
}
FKIE_CVE-2009-3563
Vulnerability from fkie_nvd - Published: 2009-12-09 18:30 - Updated: 2026-04-23 00:35
Severity
Summary
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | 4.0.72 | |
| ntp | ntp | 4.0.73 | |
| ntp | ntp | 4.0.90 | |
| ntp | ntp | 4.0.91 | |
| ntp | ntp | 4.0.92 | |
| ntp | ntp | 4.0.93 | |
| ntp | ntp | 4.0.94 | |
| ntp | ntp | 4.0.95 | |
| ntp | ntp | 4.0.96 | |
| ntp | ntp | 4.0.97 | |
| ntp | ntp | 4.0.98 | |
| ntp | ntp | 4.0.99 | |
| ntp | ntp | 4.1.0 | |
| ntp | ntp | 4.1.2 | |
| ntp | ntp | 4.2.0 | |
| ntp | ntp | 4.2.2 | |
| ntp | ntp | 4.2.2p1 | |
| ntp | ntp | 4.2.2p2 | |
| ntp | ntp | 4.2.2p3 | |
| ntp | ntp | 4.2.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73B1FD64-D156-45BC-9713-77E163DF731C",
"versionEndIncluding": "4.2.2p4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "25AB2D70-2807-4970-ACD3-9B4751A1F9D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "06C78C19-5A09-4883-8144-AE861A244FEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "437C8BA8-F437-4166-838D-EDC64E7A67DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "104AEC97-3C2A-48D2-BA63-08502F88F8D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "87D67E30-E303-4F79-9929-4A5B587FCDB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "B9BD95B5-322C-4CDC-A2DB-A06D4DA3B104",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.94:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD63969-D18D-41AF-9814-DA1A207BDE80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.95:*:*:*:*:*:*:*",
"matchCriteriaId": "7EAD8958-173A-4FCC-9420-A148BA5F73E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.96:*:*:*:*:*:*:*",
"matchCriteriaId": "B271F6AD-D829-4671-8FA7-7D921364B426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.97:*:*:*:*:*:*:*",
"matchCriteriaId": "C25E03A8-46B5-4AC7-8506-4C255D7CC400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.98:*:*:*:*:*:*:*",
"matchCriteriaId": "2C76CD53-CC9F-491A-952F-9A82D6E20058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.99:*:*:*:*:*:*:*",
"matchCriteriaId": "E749D64E-5C47-4A34-9F3C-1D34F8348058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0C9CBB-D52F-4F7C-B343-E685A3996BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB90A3FB-B107-46CF-A846-48EE0EDF637A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "088BFFA4-1AAB-4699-9793-F731A81B296A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3475779-383A-4128-9145-474EC08030FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "782BAA3D-A639-4B25-83F0-741074C88D7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.2p2:*:*:*:*:*:*:*",
"matchCriteriaId": "EF367FA4-2C7F-4040-89DE-8A97A069A802",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.2p3:*:*:*:*:*:*:*",
"matchCriteriaId": "01D11498-3FC4-4890-9B10-BBA74A01C9E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "35C2B888-66D6-45D3-97E3-C711B1C6971A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons."
},
{
"lang": "es",
"value": "ntp_request.c en ntpd en NTP anterior v4.2.4p8, y v4.2.5, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de CPU y ancho de banda) por uso de MODE_PRIVATE para enviar una suplantaci\u00f3n de (1) petici\u00f3n o (2) paquete respueta lo que lanza continuo intercambio de errores de respuesta MODE_PRIVATE entre dos demonios NTP."
}
],
"id": "CVE-2009-3563",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-09T18:30:00.390",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc"
},
{
"source": "cve@mitre.org",
"url": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc"
},
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074"
},
{
"source": "cve@mitre.org",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"source": "cve@mitre.org",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
},
{
"source": "cve@mitre.org",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/37629"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/37922"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/38764"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/38794"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/38832"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/38834"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/39593"
},
{
"source": "cve@mitre.org",
"url": "http://security-tracker.debian.org/tracker/CVE-2009-3563"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1023298"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/css/P8/documents/100071808"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1948"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/568372"
},
{
"source": "cve@mitre.org",
"url": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J"
},
{
"source": "cve@mitre.org",
"url": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/37255"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/0510"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/0993"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213"
},
{
"source": "cve@mitre.org",
"url": "https://lists.ntp.org/pipermail/announce/2009-December/000086.html"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076"
},
{
"source": "cve@mitre.org",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1648.html"
},
{
"source": "cve@mitre.org",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1651.html"
},
{
"source": "cve@mitre.org",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"source": "cve@mitre.org",
"url": "https://support.ntp.org/bugs/show_bug.cgi?id=1331"
},
{
"source": "cve@mitre.org",
"url": "https://www.kb.cert.org/vuls/id/417980"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38794"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39593"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security-tracker.debian.org/tracker/CVE-2009-3563"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/css/P8/documents/100071808"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/568372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/37255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/0510"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/0993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.ntp.org/pipermail/announce/2009-December/000086.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1648.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1651.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.ntp.org/bugs/show_bug.cgi?id=1331"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.kb.cert.org/vuls/id/417980"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-GM22-X89C-4H54
Vulnerability from github – Published: 2022-05-03 03:20 – Updated: 2022-05-03 03:20
VLAI
Details
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
{
"affected": [],
"aliases": [
"CVE-2009-3563"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-12-09T18:30:00Z",
"severity": "MODERATE"
},
"details": "ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.",
"id": "GHSA-gm22-x89c-4h54",
"modified": "2022-05-03T03:20:29Z",
"published": "2022-05-03T03:20:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3563"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213"
},
{
"type": "WEB",
"url": "https://lists.ntp.org/pipermail/announce/2009-December/000086.html"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076"
},
{
"type": "WEB",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1648.html"
},
{
"type": "WEB",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1651.html"
},
{
"type": "WEB",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"type": "WEB",
"url": "https://support.ntp.org/bugs/show_bug.cgi?id=1331"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html"
},
{
"type": "WEB",
"url": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074"
},
{
"type": "WEB",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"type": "WEB",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
},
{
"type": "WEB",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/37629"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/37922"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/38764"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/38794"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/38832"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/38834"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/39593"
},
{
"type": "WEB",
"url": "http://security-tracker.debian.org/tracker/CVE-2009-3563"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1023298"
},
{
"type": "WEB",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1"
},
{
"type": "WEB",
"url": "http://support.avaya.com/css/P8/documents/100071808"
},
{
"type": "WEB",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2009/dsa-1948"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/568372"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/37255"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/0510"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/0993"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2009-3563
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2009-3563",
"description": "ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.",
"id": "GSD-2009-3563",
"references": [
"https://www.suse.com/security/cve/CVE-2009-3563.html",
"https://www.debian.org/security/2009/dsa-1948",
"https://access.redhat.com/errata/RHSA-2009:1651",
"https://access.redhat.com/errata/RHSA-2009:1648",
"https://linux.oracle.com/cve/CVE-2009-3563.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2009-3563"
],
"details": "ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.",
"id": "GSD-2009-3563",
"modified": "2023-12-13T01:19:49.509033Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#568372",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/568372"
},
{
"name": "38832",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38832"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"name": "oval:org.mitre.oval:def:11225",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225"
},
{
"name": "http://support.avaya.com/css/P8/documents/100071808",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100071808"
},
{
"name": "38794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "FEDORA-2009-13121",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=531213",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213"
},
{
"name": "38764",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38764"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J"
},
{
"name": "oval:org.mitre.oval:def:19376",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376"
},
{
"name": "37255",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37255"
},
{
"name": "SSRT101144",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
},
{
"name": "39593",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39593"
},
{
"name": "IZ71047",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047"
},
{
"name": "ADV-2010-0993",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0993"
},
{
"name": "DSA-1948",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1948"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc"
},
{
"name": "HPSBUX02639",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2"
},
{
"name": "1021781",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1"
},
{
"name": "IZ68659",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659"
},
{
"name": "SSRT100293",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2"
},
{
"name": "https://support.ntp.org/bugs/show_bug.cgi?id=1331",
"refsource": "CONFIRM",
"url": "https://support.ntp.org/bugs/show_bug.cgi?id=1331"
},
{
"name": "oval:org.mitre.oval:def:7076",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076"
},
{
"name": "37922",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37922"
},
{
"name": "NetBSD-SA2010-005",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc"
},
{
"name": "38834",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38834"
},
{
"name": "FEDORA-2009-13090",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html"
},
{
"name": "http://security-tracker.debian.org/tracker/CVE-2009-3563",
"refsource": "CONFIRM",
"url": "http://security-tracker.debian.org/tracker/CVE-2009-3563"
},
{
"name": "1023298",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023298"
},
{
"name": "oval:org.mitre.oval:def:12141",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141"
},
{
"name": "RHSA-2009:1651",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1651.html"
},
{
"name": "37629",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37629"
},
{
"name": "RHSA-2010:0095",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
},
{
"name": "HPSBUX02859",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
},
{
"name": "[announce] 20091208 NTP 4.2.4p8 Released",
"refsource": "MLIST",
"url": "https://lists.ntp.org/pipermail/announce/2009-December/000086.html"
},
{
"name": "ADV-2010-0510",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0510"
},
{
"name": "RHSA-2009:1648",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1648.html"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7"
},
{
"name": "ADV-2010-0528",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"name": "VU#417980",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/417980"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.72:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.2p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.2p2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.2p3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.96:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.95:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.90:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.98:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.97:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.92:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.91:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.2.2p4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.99:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.94:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.93:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3563"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2009:1651",
"refsource": "REDHAT",
"tags": [],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1651.html"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7"
},
{
"name": "DSA-1948",
"refsource": "DEBIAN",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1948"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode"
},
{
"name": "1023298",
"refsource": "SECTRACK",
"tags": [],
"url": "http://securitytracker.com/id?1023298"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074",
"refsource": "CONFIRM",
"tags": [],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074"
},
{
"name": "37255",
"refsource": "BID",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/37255"
},
{
"name": "RHSA-2009:1648",
"refsource": "REDHAT",
"tags": [],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1648.html"
},
{
"name": "[announce] 20091208 NTP 4.2.4p8 Released",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.ntp.org/pipermail/announce/2009-December/000086.html"
},
{
"name": "VU#568372",
"refsource": "CERT-VN",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/568372"
},
{
"name": "http://security-tracker.debian.org/tracker/CVE-2009-3563",
"refsource": "CONFIRM",
"tags": [],
"url": "http://security-tracker.debian.org/tracker/CVE-2009-3563"
},
{
"name": "https://support.ntp.org/bugs/show_bug.cgi?id=1331",
"refsource": "CONFIRM",
"tags": [],
"url": "https://support.ntp.org/bugs/show_bug.cgi?id=1331"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=531213",
"refsource": "CONFIRM",
"tags": [],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213"
},
{
"name": "FEDORA-2009-13121",
"refsource": "FEDORA",
"tags": [],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html"
},
{
"name": "FEDORA-2009-13090",
"refsource": "FEDORA",
"tags": [],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html"
},
{
"name": "RHSA-2010:0095",
"refsource": "REDHAT",
"tags": [],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"name": "http://support.avaya.com/css/P8/documents/100071808",
"refsource": "CONFIRM",
"tags": [],
"url": "http://support.avaya.com/css/P8/documents/100071808"
},
{
"name": "37922",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/37922"
},
{
"name": "IZ71047",
"refsource": "AIXAPAR",
"tags": [],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047"
},
{
"name": "37629",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/37629"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc",
"refsource": "CONFIRM",
"tags": [],
"url": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc"
},
{
"name": "ADV-2010-0510",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2010/0510"
},
{
"name": "38764",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/38764"
},
{
"name": "IZ68659",
"refsource": "AIXAPAR",
"tags": [],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659"
},
{
"name": "38794",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/38794"
},
{
"name": "ADV-2010-0528",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"name": "38832",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/38832"
},
{
"name": "38834",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/38834"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"refsource": "MLIST",
"tags": [],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "NetBSD-SA2010-005",
"refsource": "NETBSD",
"tags": [],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc"
},
{
"name": "39593",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/39593"
},
{
"name": "ADV-2010-0993",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2010/0993"
},
{
"name": "1021781",
"refsource": "SUNALERT",
"tags": [],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1"
},
{
"name": "SSRT101144",
"refsource": "HP",
"tags": [],
"url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
},
{
"name": "HPSBUX02639",
"refsource": "HP",
"tags": [],
"url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691",
"refsource": "CONFIRM",
"tags": [],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673",
"refsource": "CONFIRM",
"tags": [],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"name": "oval:org.mitre.oval:def:7076",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076"
},
{
"name": "oval:org.mitre.oval:def:19376",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376"
},
{
"name": "oval:org.mitre.oval:def:12141",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141"
},
{
"name": "oval:org.mitre.oval:def:11225",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2017-09-19T01:29Z",
"publishedDate": "2009-12-09T18:30Z"
}
}
}
RHSA-2009:1648
Vulnerability from csaf_redhat - Published: 2009-12-08 19:29 - Updated: 2025-11-21 17:35Summary
Red Hat Security Advisory: ntp security update
Severity
Moderate
Notes
Topic: An updated ntp package that fixes a security issue is now available for Red
Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details: The Network Time Protocol (NTP) is used to synchronize a computer's time
with a referenced time source.
Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled
certain malformed NTP packets. ntpd logged information about all such
packets and replied with an NTP packet that was treated as malformed when
received by another ntpd. A remote attacker could use this flaw to create
an NTP packet reply loop between two ntpd servers via a malformed packet
with a spoofed source IP address and port, causing ntpd on those servers to
use excessive amounts of CPU time and fill disk space with log messages.
(CVE-2009-3563)
All ntp users are advised to upgrade to this updated package, which
contains a backported patch to resolve this issue. After installing the
update, the ntpd daemon will restart automatically.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
5.0 ()
Affected products
Fixed
74 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client:ntp-0:4.2.2p1-9.el5_4.1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client:ntp-0:4.2.2p1-9.el5_4.1.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client:ntp-0:4.2.2p1-9.el5_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client:ntp-0:4.2.2p1-9.el5_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client:ntp-0:4.2.2p1-9.el5_4.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client:ntp-0:4.2.2p1-9.el5_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:ntp-0:4.2.2p1-9.el5_4.1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:ntp-0:4.2.2p1-9.el5_4.1.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:ntp-0:4.2.2p1-9.el5_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:ntp-0:4.2.2p1-9.el5_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:ntp-0:4.2.2p1-9.el5_4.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:ntp-0:4.2.2p1-9.el5_4.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated ntp package that fixes a security issue is now available for Red\nHat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "The Network Time Protocol (NTP) is used to synchronize a computer\u0027s time\nwith a referenced time source.\n\nRobin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled\ncertain malformed NTP packets. ntpd logged information about all such\npackets and replied with an NTP packet that was treated as malformed when\nreceived by another ntpd. A remote attacker could use this flaw to create\nan NTP packet reply loop between two ntpd servers via a malformed packet\nwith a spoofed source IP address and port, causing ntpd on those servers to\nuse excessive amounts of CPU time and fill disk space with log messages.\n(CVE-2009-3563)\n\nAll ntp users are advised to upgrade to this updated package, which\ncontains a backported patch to resolve this issue. After installing the\nupdate, the ntpd daemon will restart automatically.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:1648",
"url": "https://access.redhat.com/errata/RHSA-2009:1648"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "531213",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1648.json"
}
],
"title": "Red Hat Security Advisory: ntp security update",
"tracking": {
"current_release_date": "2025-11-21T17:35:39+00:00",
"generator": {
"date": "2025-11-21T17:35:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2009:1648",
"initial_release_date": "2009-12-08T19:29:00+00:00",
"revision_history": [
{
"date": "2009-12-08T19:29:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-12-08T14:33:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:35:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"product": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"product_id": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp@4.2.0.a.20040617-8.el4_8.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"product": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"product_id": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp-debuginfo@4.2.0.a.20040617-8.el4_8.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "ntp-0:4.2.2p1-9.el5_4.1.ia64",
"product": {
"name": "ntp-0:4.2.2p1-9.el5_4.1.ia64",
"product_id": "ntp-0:4.2.2p1-9.el5_4.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp@4.2.2p1-9.el5_4.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64",
"product": {
"name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64",
"product_id": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp-debuginfo@4.2.2p1-9.el5_4.1?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.src",
"product": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.src",
"product_id": "ntp-0:4.2.0.a.20040617-8.el4_8.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp@4.2.0.a.20040617-8.el4_8.1?arch=src"
}
}
},
{
"category": "product_version",
"name": "ntp-0:4.2.2p1-9.el5_4.1.src",
"product": {
"name": "ntp-0:4.2.2p1-9.el5_4.1.src",
"product_id": "ntp-0:4.2.2p1-9.el5_4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp@4.2.2p1-9.el5_4.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"product": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"product_id": "ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp@4.2.0.a.20040617-8.el4_8.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"product": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"product_id": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp-debuginfo@4.2.0.a.20040617-8.el4_8.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ntp-0:4.2.2p1-9.el5_4.1.x86_64",
"product": {
"name": "ntp-0:4.2.2p1-9.el5_4.1.x86_64",
"product_id": "ntp-0:4.2.2p1-9.el5_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp@4.2.2p1-9.el5_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64",
"product": {
"name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64",
"product_id": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp-debuginfo@4.2.2p1-9.el5_4.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.i386",
"product": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.i386",
"product_id": "ntp-0:4.2.0.a.20040617-8.el4_8.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp@4.2.0.a.20040617-8.el4_8.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386",
"product": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386",
"product_id": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp-debuginfo@4.2.0.a.20040617-8.el4_8.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "ntp-0:4.2.2p1-9.el5_4.1.i386",
"product": {
"name": "ntp-0:4.2.2p1-9.el5_4.1.i386",
"product_id": "ntp-0:4.2.2p1-9.el5_4.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp@4.2.2p1-9.el5_4.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386",
"product": {
"name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386",
"product_id": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp-debuginfo@4.2.2p1-9.el5_4.1?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"product": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"product_id": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp@4.2.0.a.20040617-8.el4_8.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"product": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"product_id": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp-debuginfo@4.2.0.a.20040617-8.el4_8.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "ntp-0:4.2.2p1-9.el5_4.1.ppc",
"product": {
"name": "ntp-0:4.2.2p1-9.el5_4.1.ppc",
"product_id": "ntp-0:4.2.2p1-9.el5_4.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp@4.2.2p1-9.el5_4.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc",
"product": {
"name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc",
"product_id": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp-debuginfo@4.2.2p1-9.el5_4.1?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"product": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"product_id": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp@4.2.0.a.20040617-8.el4_8.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"product": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"product_id": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp-debuginfo@4.2.0.a.20040617-8.el4_8.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ntp-0:4.2.2p1-9.el5_4.1.s390x",
"product": {
"name": "ntp-0:4.2.2p1-9.el5_4.1.s390x",
"product_id": "ntp-0:4.2.2p1-9.el5_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp@4.2.2p1-9.el5_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x",
"product": {
"name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x",
"product_id": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp-debuginfo@4.2.2p1-9.el5_4.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390",
"product": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390",
"product_id": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp@4.2.0.a.20040617-8.el4_8.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390",
"product": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390",
"product_id": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp-debuginfo@4.2.0.a.20040617-8.el4_8.1?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386"
},
"product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64"
},
"product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc"
},
"product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390"
},
"product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x"
},
"product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.src"
},
"product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64"
},
"product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386"
},
"product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64"
},
"product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc"
},
"product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390"
},
"product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x"
},
"product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64"
},
"product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386"
},
"product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64"
},
"product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc"
},
"product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390"
},
"product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x"
},
"product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.src"
},
"product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64"
},
"product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386"
},
"product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64"
},
"product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc"
},
"product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390"
},
"product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x"
},
"product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64"
},
"product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386"
},
"product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64"
},
"product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc"
},
"product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390"
},
"product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x"
},
"product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.src"
},
"product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64"
},
"product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386"
},
"product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64"
},
"product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc"
},
"product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390"
},
"product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x"
},
"product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64"
},
"product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386"
},
"product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64"
},
"product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc"
},
"product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390"
},
"product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x"
},
"product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.src"
},
"product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64"
},
"product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386"
},
"product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64"
},
"product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc"
},
"product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390"
},
"product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x"
},
"product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64"
},
"product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.2p1-9.el5_4.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:ntp-0:4.2.2p1-9.el5_4.1.i386"
},
"product_reference": "ntp-0:4.2.2p1-9.el5_4.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.2p1-9.el5_4.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:ntp-0:4.2.2p1-9.el5_4.1.ia64"
},
"product_reference": "ntp-0:4.2.2p1-9.el5_4.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.2p1-9.el5_4.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:ntp-0:4.2.2p1-9.el5_4.1.ppc"
},
"product_reference": "ntp-0:4.2.2p1-9.el5_4.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.2p1-9.el5_4.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:ntp-0:4.2.2p1-9.el5_4.1.s390x"
},
"product_reference": "ntp-0:4.2.2p1-9.el5_4.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.2p1-9.el5_4.1.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:ntp-0:4.2.2p1-9.el5_4.1.src"
},
"product_reference": "ntp-0:4.2.2p1-9.el5_4.1.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.2p1-9.el5_4.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:ntp-0:4.2.2p1-9.el5_4.1.x86_64"
},
"product_reference": "ntp-0:4.2.2p1-9.el5_4.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386"
},
"product_reference": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64"
},
"product_reference": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc"
},
"product_reference": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x"
},
"product_reference": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64"
},
"product_reference": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.2p1-9.el5_4.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:ntp-0:4.2.2p1-9.el5_4.1.i386"
},
"product_reference": "ntp-0:4.2.2p1-9.el5_4.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.2p1-9.el5_4.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:ntp-0:4.2.2p1-9.el5_4.1.ia64"
},
"product_reference": "ntp-0:4.2.2p1-9.el5_4.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.2p1-9.el5_4.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:ntp-0:4.2.2p1-9.el5_4.1.ppc"
},
"product_reference": "ntp-0:4.2.2p1-9.el5_4.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.2p1-9.el5_4.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:ntp-0:4.2.2p1-9.el5_4.1.s390x"
},
"product_reference": "ntp-0:4.2.2p1-9.el5_4.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.2p1-9.el5_4.1.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:ntp-0:4.2.2p1-9.el5_4.1.src"
},
"product_reference": "ntp-0:4.2.2p1-9.el5_4.1.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.2.2p1-9.el5_4.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:ntp-0:4.2.2p1-9.el5_4.1.x86_64"
},
"product_reference": "ntp-0:4.2.2p1-9.el5_4.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386"
},
"product_reference": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64"
},
"product_reference": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc"
},
"product_reference": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x"
},
"product_reference": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64"
},
"product_reference": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64",
"relates_to_product_reference": "5Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-3563",
"discovery_date": "2009-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "531213"
}
],
"notes": [
{
"category": "description",
"text": "ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ntpd: DoS with mode 7 packets (VU#568372)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386",
"4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390",
"4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.src",
"4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386",
"4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390",
"4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386",
"4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390",
"4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.src",
"4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386",
"4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390",
"4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386",
"4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390",
"4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.src",
"4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386",
"4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390",
"4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386",
"4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390",
"4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.src",
"4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386",
"4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390",
"4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"5Client:ntp-0:4.2.2p1-9.el5_4.1.i386",
"5Client:ntp-0:4.2.2p1-9.el5_4.1.ia64",
"5Client:ntp-0:4.2.2p1-9.el5_4.1.ppc",
"5Client:ntp-0:4.2.2p1-9.el5_4.1.s390x",
"5Client:ntp-0:4.2.2p1-9.el5_4.1.src",
"5Client:ntp-0:4.2.2p1-9.el5_4.1.x86_64",
"5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386",
"5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64",
"5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc",
"5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x",
"5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64",
"5Server:ntp-0:4.2.2p1-9.el5_4.1.i386",
"5Server:ntp-0:4.2.2p1-9.el5_4.1.ia64",
"5Server:ntp-0:4.2.2p1-9.el5_4.1.ppc",
"5Server:ntp-0:4.2.2p1-9.el5_4.1.s390x",
"5Server:ntp-0:4.2.2p1-9.el5_4.1.src",
"5Server:ntp-0:4.2.2p1-9.el5_4.1.x86_64",
"5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386",
"5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64",
"5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc",
"5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x",
"5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3563"
},
{
"category": "external",
"summary": "RHBZ#531213",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3563",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3563",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3563"
}
],
"release_date": "2009-12-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-12-08T19:29:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386",
"4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390",
"4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.src",
"4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386",
"4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390",
"4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386",
"4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390",
"4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.src",
"4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386",
"4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390",
"4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386",
"4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390",
"4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.src",
"4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386",
"4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390",
"4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386",
"4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390",
"4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.src",
"4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386",
"4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390",
"4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"5Client:ntp-0:4.2.2p1-9.el5_4.1.i386",
"5Client:ntp-0:4.2.2p1-9.el5_4.1.ia64",
"5Client:ntp-0:4.2.2p1-9.el5_4.1.ppc",
"5Client:ntp-0:4.2.2p1-9.el5_4.1.s390x",
"5Client:ntp-0:4.2.2p1-9.el5_4.1.src",
"5Client:ntp-0:4.2.2p1-9.el5_4.1.x86_64",
"5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386",
"5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64",
"5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc",
"5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x",
"5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64",
"5Server:ntp-0:4.2.2p1-9.el5_4.1.i386",
"5Server:ntp-0:4.2.2p1-9.el5_4.1.ia64",
"5Server:ntp-0:4.2.2p1-9.el5_4.1.ppc",
"5Server:ntp-0:4.2.2p1-9.el5_4.1.s390x",
"5Server:ntp-0:4.2.2p1-9.el5_4.1.src",
"5Server:ntp-0:4.2.2p1-9.el5_4.1.x86_64",
"5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386",
"5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64",
"5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc",
"5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x",
"5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:1648"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386",
"4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390",
"4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.src",
"4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386",
"4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390",
"4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386",
"4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390",
"4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.src",
"4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386",
"4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390",
"4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386",
"4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390",
"4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.src",
"4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386",
"4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390",
"4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386",
"4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390",
"4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.src",
"4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386",
"4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64",
"4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc",
"4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390",
"4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x",
"4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64",
"5Client:ntp-0:4.2.2p1-9.el5_4.1.i386",
"5Client:ntp-0:4.2.2p1-9.el5_4.1.ia64",
"5Client:ntp-0:4.2.2p1-9.el5_4.1.ppc",
"5Client:ntp-0:4.2.2p1-9.el5_4.1.s390x",
"5Client:ntp-0:4.2.2p1-9.el5_4.1.src",
"5Client:ntp-0:4.2.2p1-9.el5_4.1.x86_64",
"5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386",
"5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64",
"5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc",
"5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x",
"5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64",
"5Server:ntp-0:4.2.2p1-9.el5_4.1.i386",
"5Server:ntp-0:4.2.2p1-9.el5_4.1.ia64",
"5Server:ntp-0:4.2.2p1-9.el5_4.1.ppc",
"5Server:ntp-0:4.2.2p1-9.el5_4.1.s390x",
"5Server:ntp-0:4.2.2p1-9.el5_4.1.src",
"5Server:ntp-0:4.2.2p1-9.el5_4.1.x86_64",
"5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386",
"5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64",
"5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc",
"5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x",
"5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ntpd: DoS with mode 7 packets (VU#568372)"
}
]
}
RHSA-2009:1651
Vulnerability from csaf_redhat - Published: 2009-12-08 19:42 - Updated: 2025-11-21 17:35Summary
Red Hat Security Advisory: ntp security update
Severity
Moderate
Notes
Topic: An updated ntp package that fixes two security issues is now available for
Red Hat Enterprise Linux 3.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details: The Network Time Protocol (NTP) is used to synchronize a computer's time
with a referenced time source.
Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled
certain malformed NTP packets. ntpd logged information about all such
packets and replied with an NTP packet that was treated as malformed when
received by another ntpd. A remote attacker could use this flaw to create
an NTP packet reply loop between two ntpd servers via a malformed packet
with a spoofed source IP address and port, causing ntpd on those servers to
use excessive amounts of CPU time and fill disk space with log messages.
(CVE-2009-3563)
A buffer overflow flaw was found in the ntpq diagnostic command. A
malicious, remote server could send a specially-crafted reply to an ntpq
request that could crash ntpq or, potentially, execute arbitrary code with
the privileges of the user running the ntpq command. (CVE-2009-0159)
All ntp users are advised to upgrade to this updated package, which
contains backported patches to resolve these issues. After installing the
update, the ntpd daemon will restart automatically.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
5.1 ()
Affected products
Fixed
52 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS:ntp-0:4.1.2-6.el3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:ntp-0:4.1.2-6.el3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:ntp-0:4.1.2-6.el3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:ntp-0:4.1.2-6.el3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:ntp-0:4.1.2-6.el3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:ntp-0:4.1.2-6.el3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:ntp-0:4.1.2-6.el3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:ntp-debuginfo-0:4.1.2-6.el3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:ntp-debuginfo-0:4.1.2-6.el3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:ntp-debuginfo-0:4.1.2-6.el3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:ntp-debuginfo-0:4.1.2-6.el3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:ntp-debuginfo-0:4.1.2-6.el3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:ntp-debuginfo-0:4.1.2-6.el3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:ntp-0:4.1.2-6.el3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:ntp-0:4.1.2-6.el3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:ntp-0:4.1.2-6.el3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:ntp-0:4.1.2-6.el3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:ntp-0:4.1.2-6.el3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:ntp-0:4.1.2-6.el3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:ntp-0:4.1.2-6.el3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:ntp-debuginfo-0:4.1.2-6.el3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:ntp-debuginfo-0:4.1.2-6.el3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:ntp-0:4.1.2-6.el3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:ntp-0:4.1.2-6.el3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:ntp-0:4.1.2-6.el3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:ntp-0:4.1.2-6.el3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:ntp-0:4.1.2-6.el3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:ntp-0:4.1.2-6.el3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:ntp-0:4.1.2-6.el3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:ntp-debuginfo-0:4.1.2-6.el3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:ntp-debuginfo-0:4.1.2-6.el3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:ntp-debuginfo-0:4.1.2-6.el3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:ntp-debuginfo-0:4.1.2-6.el3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:ntp-debuginfo-0:4.1.2-6.el3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:ntp-debuginfo-0:4.1.2-6.el3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:ntp-0:4.1.2-6.el3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:ntp-0:4.1.2-6.el3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:ntp-0:4.1.2-6.el3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:ntp-0:4.1.2-6.el3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:ntp-0:4.1.2-6.el3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:ntp-0:4.1.2-6.el3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:ntp-0:4.1.2-6.el3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:ntp-debuginfo-0:4.1.2-6.el3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:ntp-debuginfo-0:4.1.2-6.el3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:ntp-debuginfo-0:4.1.2-6.el3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:ntp-debuginfo-0:4.1.2-6.el3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:ntp-debuginfo-0:4.1.2-6.el3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:ntp-debuginfo-0:4.1.2-6.el3.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
5.0 ()
Affected products
Fixed
52 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS:ntp-0:4.1.2-6.el3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:ntp-0:4.1.2-6.el3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:ntp-0:4.1.2-6.el3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:ntp-0:4.1.2-6.el3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:ntp-0:4.1.2-6.el3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:ntp-0:4.1.2-6.el3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:ntp-0:4.1.2-6.el3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:ntp-debuginfo-0:4.1.2-6.el3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:ntp-debuginfo-0:4.1.2-6.el3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:ntp-debuginfo-0:4.1.2-6.el3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:ntp-debuginfo-0:4.1.2-6.el3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:ntp-debuginfo-0:4.1.2-6.el3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:ntp-debuginfo-0:4.1.2-6.el3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:ntp-0:4.1.2-6.el3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:ntp-0:4.1.2-6.el3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:ntp-0:4.1.2-6.el3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:ntp-0:4.1.2-6.el3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:ntp-0:4.1.2-6.el3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:ntp-0:4.1.2-6.el3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:ntp-0:4.1.2-6.el3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:ntp-debuginfo-0:4.1.2-6.el3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:ntp-debuginfo-0:4.1.2-6.el3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:ntp-0:4.1.2-6.el3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:ntp-0:4.1.2-6.el3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:ntp-0:4.1.2-6.el3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:ntp-0:4.1.2-6.el3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:ntp-0:4.1.2-6.el3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:ntp-0:4.1.2-6.el3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:ntp-0:4.1.2-6.el3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:ntp-debuginfo-0:4.1.2-6.el3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:ntp-debuginfo-0:4.1.2-6.el3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:ntp-debuginfo-0:4.1.2-6.el3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:ntp-debuginfo-0:4.1.2-6.el3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:ntp-debuginfo-0:4.1.2-6.el3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:ntp-debuginfo-0:4.1.2-6.el3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:ntp-0:4.1.2-6.el3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:ntp-0:4.1.2-6.el3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:ntp-0:4.1.2-6.el3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:ntp-0:4.1.2-6.el3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:ntp-0:4.1.2-6.el3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:ntp-0:4.1.2-6.el3.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:ntp-0:4.1.2-6.el3.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:ntp-debuginfo-0:4.1.2-6.el3.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:ntp-debuginfo-0:4.1.2-6.el3.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:ntp-debuginfo-0:4.1.2-6.el3.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:ntp-debuginfo-0:4.1.2-6.el3.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:ntp-debuginfo-0:4.1.2-6.el3.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:ntp-debuginfo-0:4.1.2-6.el3.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
13 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated ntp package that fixes two security issues is now available for\nRed Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "The Network Time Protocol (NTP) is used to synchronize a computer\u0027s time\nwith a referenced time source.\n\nRobin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled\ncertain malformed NTP packets. ntpd logged information about all such\npackets and replied with an NTP packet that was treated as malformed when\nreceived by another ntpd. A remote attacker could use this flaw to create\nan NTP packet reply loop between two ntpd servers via a malformed packet\nwith a spoofed source IP address and port, causing ntpd on those servers to\nuse excessive amounts of CPU time and fill disk space with log messages.\n(CVE-2009-3563)\n\nA buffer overflow flaw was found in the ntpq diagnostic command. A\nmalicious, remote server could send a specially-crafted reply to an ntpq\nrequest that could crash ntpq or, potentially, execute arbitrary code with\nthe privileges of the user running the ntpq command. (CVE-2009-0159)\n\nAll ntp users are advised to upgrade to this updated package, which\ncontains backported patches to resolve these issues. After installing the\nupdate, the ntpd daemon will restart automatically.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:1651",
"url": "https://access.redhat.com/errata/RHSA-2009:1651"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "490617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490617"
},
{
"category": "external",
"summary": "531213",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1651.json"
}
],
"title": "Red Hat Security Advisory: ntp security update",
"tracking": {
"current_release_date": "2025-11-21T17:35:36+00:00",
"generator": {
"date": "2025-11-21T17:35:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2009:1651",
"initial_release_date": "2009-12-08T19:42:00+00:00",
"revision_history": [
{
"date": "2009-12-08T19:42:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-12-08T14:50:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:35:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3",
"product": {
"name": "Red Hat Enterprise Linux AS version 3",
"product_id": "3AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3",
"product": {
"name": "Red Hat Desktop version 3",
"product_id": "3Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3",
"product": {
"name": "Red Hat Enterprise Linux ES version 3",
"product_id": "3ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3",
"product": {
"name": "Red Hat Enterprise Linux WS version 3",
"product_id": "3WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-debuginfo-0:4.1.2-6.el3.ia64",
"product": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.ia64",
"product_id": "ntp-debuginfo-0:4.1.2-6.el3.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp-debuginfo@4.1.2-6.el3?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "ntp-0:4.1.2-6.el3.ia64",
"product": {
"name": "ntp-0:4.1.2-6.el3.ia64",
"product_id": "ntp-0:4.1.2-6.el3.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp@4.1.2-6.el3?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-debuginfo-0:4.1.2-6.el3.x86_64",
"product": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.x86_64",
"product_id": "ntp-debuginfo-0:4.1.2-6.el3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp-debuginfo@4.1.2-6.el3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ntp-0:4.1.2-6.el3.x86_64",
"product": {
"name": "ntp-0:4.1.2-6.el3.x86_64",
"product_id": "ntp-0:4.1.2-6.el3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp@4.1.2-6.el3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-debuginfo-0:4.1.2-6.el3.i386",
"product": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.i386",
"product_id": "ntp-debuginfo-0:4.1.2-6.el3.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp-debuginfo@4.1.2-6.el3?arch=i386"
}
}
},
{
"category": "product_version",
"name": "ntp-0:4.1.2-6.el3.i386",
"product": {
"name": "ntp-0:4.1.2-6.el3.i386",
"product_id": "ntp-0:4.1.2-6.el3.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp@4.1.2-6.el3?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-0:4.1.2-6.el3.src",
"product": {
"name": "ntp-0:4.1.2-6.el3.src",
"product_id": "ntp-0:4.1.2-6.el3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp@4.1.2-6.el3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-debuginfo-0:4.1.2-6.el3.ppc",
"product": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.ppc",
"product_id": "ntp-debuginfo-0:4.1.2-6.el3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp-debuginfo@4.1.2-6.el3?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "ntp-0:4.1.2-6.el3.ppc",
"product": {
"name": "ntp-0:4.1.2-6.el3.ppc",
"product_id": "ntp-0:4.1.2-6.el3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp@4.1.2-6.el3?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-debuginfo-0:4.1.2-6.el3.s390x",
"product": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.s390x",
"product_id": "ntp-debuginfo-0:4.1.2-6.el3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp-debuginfo@4.1.2-6.el3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ntp-0:4.1.2-6.el3.s390x",
"product": {
"name": "ntp-0:4.1.2-6.el3.s390x",
"product_id": "ntp-0:4.1.2-6.el3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp@4.1.2-6.el3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ntp-debuginfo-0:4.1.2-6.el3.s390",
"product": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.s390",
"product_id": "ntp-debuginfo-0:4.1.2-6.el3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp-debuginfo@4.1.2-6.el3?arch=s390"
}
}
},
{
"category": "product_version",
"name": "ntp-0:4.1.2-6.el3.s390",
"product": {
"name": "ntp-0:4.1.2-6.el3.s390",
"product_id": "ntp-0:4.1.2-6.el3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ntp@4.1.2-6.el3?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.1.2-6.el3.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:ntp-0:4.1.2-6.el3.i386"
},
"product_reference": "ntp-0:4.1.2-6.el3.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.1.2-6.el3.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:ntp-0:4.1.2-6.el3.ia64"
},
"product_reference": "ntp-0:4.1.2-6.el3.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.1.2-6.el3.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:ntp-0:4.1.2-6.el3.ppc"
},
"product_reference": "ntp-0:4.1.2-6.el3.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.1.2-6.el3.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:ntp-0:4.1.2-6.el3.s390"
},
"product_reference": "ntp-0:4.1.2-6.el3.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.1.2-6.el3.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:ntp-0:4.1.2-6.el3.s390x"
},
"product_reference": "ntp-0:4.1.2-6.el3.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.1.2-6.el3.src as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:ntp-0:4.1.2-6.el3.src"
},
"product_reference": "ntp-0:4.1.2-6.el3.src",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.1.2-6.el3.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:ntp-0:4.1.2-6.el3.x86_64"
},
"product_reference": "ntp-0:4.1.2-6.el3.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:ntp-debuginfo-0:4.1.2-6.el3.i386"
},
"product_reference": "ntp-debuginfo-0:4.1.2-6.el3.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:ntp-debuginfo-0:4.1.2-6.el3.ia64"
},
"product_reference": "ntp-debuginfo-0:4.1.2-6.el3.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:ntp-debuginfo-0:4.1.2-6.el3.ppc"
},
"product_reference": "ntp-debuginfo-0:4.1.2-6.el3.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:ntp-debuginfo-0:4.1.2-6.el3.s390"
},
"product_reference": "ntp-debuginfo-0:4.1.2-6.el3.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:ntp-debuginfo-0:4.1.2-6.el3.s390x"
},
"product_reference": "ntp-debuginfo-0:4.1.2-6.el3.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:ntp-debuginfo-0:4.1.2-6.el3.x86_64"
},
"product_reference": "ntp-debuginfo-0:4.1.2-6.el3.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.1.2-6.el3.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:ntp-0:4.1.2-6.el3.i386"
},
"product_reference": "ntp-0:4.1.2-6.el3.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.1.2-6.el3.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:ntp-0:4.1.2-6.el3.ia64"
},
"product_reference": "ntp-0:4.1.2-6.el3.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.1.2-6.el3.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:ntp-0:4.1.2-6.el3.ppc"
},
"product_reference": "ntp-0:4.1.2-6.el3.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.1.2-6.el3.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:ntp-0:4.1.2-6.el3.s390"
},
"product_reference": "ntp-0:4.1.2-6.el3.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.1.2-6.el3.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:ntp-0:4.1.2-6.el3.s390x"
},
"product_reference": "ntp-0:4.1.2-6.el3.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.1.2-6.el3.src as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:ntp-0:4.1.2-6.el3.src"
},
"product_reference": "ntp-0:4.1.2-6.el3.src",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.1.2-6.el3.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:ntp-0:4.1.2-6.el3.x86_64"
},
"product_reference": "ntp-0:4.1.2-6.el3.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.i386"
},
"product_reference": "ntp-debuginfo-0:4.1.2-6.el3.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ia64"
},
"product_reference": "ntp-debuginfo-0:4.1.2-6.el3.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ppc"
},
"product_reference": "ntp-debuginfo-0:4.1.2-6.el3.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390"
},
"product_reference": "ntp-debuginfo-0:4.1.2-6.el3.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390x"
},
"product_reference": "ntp-debuginfo-0:4.1.2-6.el3.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.x86_64"
},
"product_reference": "ntp-debuginfo-0:4.1.2-6.el3.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.1.2-6.el3.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:ntp-0:4.1.2-6.el3.i386"
},
"product_reference": "ntp-0:4.1.2-6.el3.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.1.2-6.el3.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:ntp-0:4.1.2-6.el3.ia64"
},
"product_reference": "ntp-0:4.1.2-6.el3.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.1.2-6.el3.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:ntp-0:4.1.2-6.el3.ppc"
},
"product_reference": "ntp-0:4.1.2-6.el3.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.1.2-6.el3.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:ntp-0:4.1.2-6.el3.s390"
},
"product_reference": "ntp-0:4.1.2-6.el3.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.1.2-6.el3.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:ntp-0:4.1.2-6.el3.s390x"
},
"product_reference": "ntp-0:4.1.2-6.el3.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.1.2-6.el3.src as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:ntp-0:4.1.2-6.el3.src"
},
"product_reference": "ntp-0:4.1.2-6.el3.src",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.1.2-6.el3.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:ntp-0:4.1.2-6.el3.x86_64"
},
"product_reference": "ntp-0:4.1.2-6.el3.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:ntp-debuginfo-0:4.1.2-6.el3.i386"
},
"product_reference": "ntp-debuginfo-0:4.1.2-6.el3.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:ntp-debuginfo-0:4.1.2-6.el3.ia64"
},
"product_reference": "ntp-debuginfo-0:4.1.2-6.el3.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:ntp-debuginfo-0:4.1.2-6.el3.ppc"
},
"product_reference": "ntp-debuginfo-0:4.1.2-6.el3.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:ntp-debuginfo-0:4.1.2-6.el3.s390"
},
"product_reference": "ntp-debuginfo-0:4.1.2-6.el3.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:ntp-debuginfo-0:4.1.2-6.el3.s390x"
},
"product_reference": "ntp-debuginfo-0:4.1.2-6.el3.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:ntp-debuginfo-0:4.1.2-6.el3.x86_64"
},
"product_reference": "ntp-debuginfo-0:4.1.2-6.el3.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.1.2-6.el3.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:ntp-0:4.1.2-6.el3.i386"
},
"product_reference": "ntp-0:4.1.2-6.el3.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.1.2-6.el3.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:ntp-0:4.1.2-6.el3.ia64"
},
"product_reference": "ntp-0:4.1.2-6.el3.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.1.2-6.el3.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:ntp-0:4.1.2-6.el3.ppc"
},
"product_reference": "ntp-0:4.1.2-6.el3.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.1.2-6.el3.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:ntp-0:4.1.2-6.el3.s390"
},
"product_reference": "ntp-0:4.1.2-6.el3.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.1.2-6.el3.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:ntp-0:4.1.2-6.el3.s390x"
},
"product_reference": "ntp-0:4.1.2-6.el3.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.1.2-6.el3.src as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:ntp-0:4.1.2-6.el3.src"
},
"product_reference": "ntp-0:4.1.2-6.el3.src",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-0:4.1.2-6.el3.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:ntp-0:4.1.2-6.el3.x86_64"
},
"product_reference": "ntp-0:4.1.2-6.el3.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:ntp-debuginfo-0:4.1.2-6.el3.i386"
},
"product_reference": "ntp-debuginfo-0:4.1.2-6.el3.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:ntp-debuginfo-0:4.1.2-6.el3.ia64"
},
"product_reference": "ntp-debuginfo-0:4.1.2-6.el3.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:ntp-debuginfo-0:4.1.2-6.el3.ppc"
},
"product_reference": "ntp-debuginfo-0:4.1.2-6.el3.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:ntp-debuginfo-0:4.1.2-6.el3.s390"
},
"product_reference": "ntp-debuginfo-0:4.1.2-6.el3.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:ntp-debuginfo-0:4.1.2-6.el3.s390x"
},
"product_reference": "ntp-debuginfo-0:4.1.2-6.el3.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ntp-debuginfo-0:4.1.2-6.el3.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:ntp-debuginfo-0:4.1.2-6.el3.x86_64"
},
"product_reference": "ntp-debuginfo-0:4.1.2-6.el3.x86_64",
"relates_to_product_reference": "3WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-0159",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2009-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "490617"
}
],
"notes": [
{
"category": "description",
"text": "Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ntp: buffer overflow in ntpq",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS:ntp-0:4.1.2-6.el3.i386",
"3AS:ntp-0:4.1.2-6.el3.ia64",
"3AS:ntp-0:4.1.2-6.el3.ppc",
"3AS:ntp-0:4.1.2-6.el3.s390",
"3AS:ntp-0:4.1.2-6.el3.s390x",
"3AS:ntp-0:4.1.2-6.el3.src",
"3AS:ntp-0:4.1.2-6.el3.x86_64",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.i386",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.ia64",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.ppc",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.s390",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.s390x",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.x86_64",
"3Desktop:ntp-0:4.1.2-6.el3.i386",
"3Desktop:ntp-0:4.1.2-6.el3.ia64",
"3Desktop:ntp-0:4.1.2-6.el3.ppc",
"3Desktop:ntp-0:4.1.2-6.el3.s390",
"3Desktop:ntp-0:4.1.2-6.el3.s390x",
"3Desktop:ntp-0:4.1.2-6.el3.src",
"3Desktop:ntp-0:4.1.2-6.el3.x86_64",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.i386",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ia64",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ppc",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390x",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.x86_64",
"3ES:ntp-0:4.1.2-6.el3.i386",
"3ES:ntp-0:4.1.2-6.el3.ia64",
"3ES:ntp-0:4.1.2-6.el3.ppc",
"3ES:ntp-0:4.1.2-6.el3.s390",
"3ES:ntp-0:4.1.2-6.el3.s390x",
"3ES:ntp-0:4.1.2-6.el3.src",
"3ES:ntp-0:4.1.2-6.el3.x86_64",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.i386",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.ia64",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.ppc",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.s390",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.s390x",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.x86_64",
"3WS:ntp-0:4.1.2-6.el3.i386",
"3WS:ntp-0:4.1.2-6.el3.ia64",
"3WS:ntp-0:4.1.2-6.el3.ppc",
"3WS:ntp-0:4.1.2-6.el3.s390",
"3WS:ntp-0:4.1.2-6.el3.s390x",
"3WS:ntp-0:4.1.2-6.el3.src",
"3WS:ntp-0:4.1.2-6.el3.x86_64",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.i386",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.ia64",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.ppc",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.s390",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.s390x",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0159"
},
{
"category": "external",
"summary": "RHBZ#490617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0159",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0159"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0159",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0159"
}
],
"release_date": "2009-04-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-12-08T19:42:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS:ntp-0:4.1.2-6.el3.i386",
"3AS:ntp-0:4.1.2-6.el3.ia64",
"3AS:ntp-0:4.1.2-6.el3.ppc",
"3AS:ntp-0:4.1.2-6.el3.s390",
"3AS:ntp-0:4.1.2-6.el3.s390x",
"3AS:ntp-0:4.1.2-6.el3.src",
"3AS:ntp-0:4.1.2-6.el3.x86_64",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.i386",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.ia64",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.ppc",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.s390",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.s390x",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.x86_64",
"3Desktop:ntp-0:4.1.2-6.el3.i386",
"3Desktop:ntp-0:4.1.2-6.el3.ia64",
"3Desktop:ntp-0:4.1.2-6.el3.ppc",
"3Desktop:ntp-0:4.1.2-6.el3.s390",
"3Desktop:ntp-0:4.1.2-6.el3.s390x",
"3Desktop:ntp-0:4.1.2-6.el3.src",
"3Desktop:ntp-0:4.1.2-6.el3.x86_64",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.i386",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ia64",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ppc",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390x",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.x86_64",
"3ES:ntp-0:4.1.2-6.el3.i386",
"3ES:ntp-0:4.1.2-6.el3.ia64",
"3ES:ntp-0:4.1.2-6.el3.ppc",
"3ES:ntp-0:4.1.2-6.el3.s390",
"3ES:ntp-0:4.1.2-6.el3.s390x",
"3ES:ntp-0:4.1.2-6.el3.src",
"3ES:ntp-0:4.1.2-6.el3.x86_64",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.i386",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.ia64",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.ppc",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.s390",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.s390x",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.x86_64",
"3WS:ntp-0:4.1.2-6.el3.i386",
"3WS:ntp-0:4.1.2-6.el3.ia64",
"3WS:ntp-0:4.1.2-6.el3.ppc",
"3WS:ntp-0:4.1.2-6.el3.s390",
"3WS:ntp-0:4.1.2-6.el3.s390x",
"3WS:ntp-0:4.1.2-6.el3.src",
"3WS:ntp-0:4.1.2-6.el3.x86_64",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.i386",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.ia64",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.ppc",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.s390",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.s390x",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:1651"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS:ntp-0:4.1.2-6.el3.i386",
"3AS:ntp-0:4.1.2-6.el3.ia64",
"3AS:ntp-0:4.1.2-6.el3.ppc",
"3AS:ntp-0:4.1.2-6.el3.s390",
"3AS:ntp-0:4.1.2-6.el3.s390x",
"3AS:ntp-0:4.1.2-6.el3.src",
"3AS:ntp-0:4.1.2-6.el3.x86_64",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.i386",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.ia64",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.ppc",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.s390",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.s390x",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.x86_64",
"3Desktop:ntp-0:4.1.2-6.el3.i386",
"3Desktop:ntp-0:4.1.2-6.el3.ia64",
"3Desktop:ntp-0:4.1.2-6.el3.ppc",
"3Desktop:ntp-0:4.1.2-6.el3.s390",
"3Desktop:ntp-0:4.1.2-6.el3.s390x",
"3Desktop:ntp-0:4.1.2-6.el3.src",
"3Desktop:ntp-0:4.1.2-6.el3.x86_64",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.i386",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ia64",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ppc",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390x",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.x86_64",
"3ES:ntp-0:4.1.2-6.el3.i386",
"3ES:ntp-0:4.1.2-6.el3.ia64",
"3ES:ntp-0:4.1.2-6.el3.ppc",
"3ES:ntp-0:4.1.2-6.el3.s390",
"3ES:ntp-0:4.1.2-6.el3.s390x",
"3ES:ntp-0:4.1.2-6.el3.src",
"3ES:ntp-0:4.1.2-6.el3.x86_64",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.i386",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.ia64",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.ppc",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.s390",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.s390x",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.x86_64",
"3WS:ntp-0:4.1.2-6.el3.i386",
"3WS:ntp-0:4.1.2-6.el3.ia64",
"3WS:ntp-0:4.1.2-6.el3.ppc",
"3WS:ntp-0:4.1.2-6.el3.s390",
"3WS:ntp-0:4.1.2-6.el3.s390x",
"3WS:ntp-0:4.1.2-6.el3.src",
"3WS:ntp-0:4.1.2-6.el3.x86_64",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.i386",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.ia64",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.ppc",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.s390",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.s390x",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ntp: buffer overflow in ntpq"
},
{
"cve": "CVE-2009-3563",
"discovery_date": "2009-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "531213"
}
],
"notes": [
{
"category": "description",
"text": "ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ntpd: DoS with mode 7 packets (VU#568372)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS:ntp-0:4.1.2-6.el3.i386",
"3AS:ntp-0:4.1.2-6.el3.ia64",
"3AS:ntp-0:4.1.2-6.el3.ppc",
"3AS:ntp-0:4.1.2-6.el3.s390",
"3AS:ntp-0:4.1.2-6.el3.s390x",
"3AS:ntp-0:4.1.2-6.el3.src",
"3AS:ntp-0:4.1.2-6.el3.x86_64",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.i386",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.ia64",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.ppc",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.s390",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.s390x",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.x86_64",
"3Desktop:ntp-0:4.1.2-6.el3.i386",
"3Desktop:ntp-0:4.1.2-6.el3.ia64",
"3Desktop:ntp-0:4.1.2-6.el3.ppc",
"3Desktop:ntp-0:4.1.2-6.el3.s390",
"3Desktop:ntp-0:4.1.2-6.el3.s390x",
"3Desktop:ntp-0:4.1.2-6.el3.src",
"3Desktop:ntp-0:4.1.2-6.el3.x86_64",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.i386",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ia64",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ppc",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390x",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.x86_64",
"3ES:ntp-0:4.1.2-6.el3.i386",
"3ES:ntp-0:4.1.2-6.el3.ia64",
"3ES:ntp-0:4.1.2-6.el3.ppc",
"3ES:ntp-0:4.1.2-6.el3.s390",
"3ES:ntp-0:4.1.2-6.el3.s390x",
"3ES:ntp-0:4.1.2-6.el3.src",
"3ES:ntp-0:4.1.2-6.el3.x86_64",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.i386",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.ia64",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.ppc",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.s390",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.s390x",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.x86_64",
"3WS:ntp-0:4.1.2-6.el3.i386",
"3WS:ntp-0:4.1.2-6.el3.ia64",
"3WS:ntp-0:4.1.2-6.el3.ppc",
"3WS:ntp-0:4.1.2-6.el3.s390",
"3WS:ntp-0:4.1.2-6.el3.s390x",
"3WS:ntp-0:4.1.2-6.el3.src",
"3WS:ntp-0:4.1.2-6.el3.x86_64",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.i386",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.ia64",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.ppc",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.s390",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.s390x",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3563"
},
{
"category": "external",
"summary": "RHBZ#531213",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3563",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3563",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3563"
}
],
"release_date": "2009-12-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-12-08T19:42:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS:ntp-0:4.1.2-6.el3.i386",
"3AS:ntp-0:4.1.2-6.el3.ia64",
"3AS:ntp-0:4.1.2-6.el3.ppc",
"3AS:ntp-0:4.1.2-6.el3.s390",
"3AS:ntp-0:4.1.2-6.el3.s390x",
"3AS:ntp-0:4.1.2-6.el3.src",
"3AS:ntp-0:4.1.2-6.el3.x86_64",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.i386",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.ia64",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.ppc",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.s390",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.s390x",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.x86_64",
"3Desktop:ntp-0:4.1.2-6.el3.i386",
"3Desktop:ntp-0:4.1.2-6.el3.ia64",
"3Desktop:ntp-0:4.1.2-6.el3.ppc",
"3Desktop:ntp-0:4.1.2-6.el3.s390",
"3Desktop:ntp-0:4.1.2-6.el3.s390x",
"3Desktop:ntp-0:4.1.2-6.el3.src",
"3Desktop:ntp-0:4.1.2-6.el3.x86_64",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.i386",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ia64",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ppc",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390x",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.x86_64",
"3ES:ntp-0:4.1.2-6.el3.i386",
"3ES:ntp-0:4.1.2-6.el3.ia64",
"3ES:ntp-0:4.1.2-6.el3.ppc",
"3ES:ntp-0:4.1.2-6.el3.s390",
"3ES:ntp-0:4.1.2-6.el3.s390x",
"3ES:ntp-0:4.1.2-6.el3.src",
"3ES:ntp-0:4.1.2-6.el3.x86_64",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.i386",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.ia64",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.ppc",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.s390",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.s390x",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.x86_64",
"3WS:ntp-0:4.1.2-6.el3.i386",
"3WS:ntp-0:4.1.2-6.el3.ia64",
"3WS:ntp-0:4.1.2-6.el3.ppc",
"3WS:ntp-0:4.1.2-6.el3.s390",
"3WS:ntp-0:4.1.2-6.el3.s390x",
"3WS:ntp-0:4.1.2-6.el3.src",
"3WS:ntp-0:4.1.2-6.el3.x86_64",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.i386",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.ia64",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.ppc",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.s390",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.s390x",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:1651"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"3AS:ntp-0:4.1.2-6.el3.i386",
"3AS:ntp-0:4.1.2-6.el3.ia64",
"3AS:ntp-0:4.1.2-6.el3.ppc",
"3AS:ntp-0:4.1.2-6.el3.s390",
"3AS:ntp-0:4.1.2-6.el3.s390x",
"3AS:ntp-0:4.1.2-6.el3.src",
"3AS:ntp-0:4.1.2-6.el3.x86_64",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.i386",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.ia64",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.ppc",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.s390",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.s390x",
"3AS:ntp-debuginfo-0:4.1.2-6.el3.x86_64",
"3Desktop:ntp-0:4.1.2-6.el3.i386",
"3Desktop:ntp-0:4.1.2-6.el3.ia64",
"3Desktop:ntp-0:4.1.2-6.el3.ppc",
"3Desktop:ntp-0:4.1.2-6.el3.s390",
"3Desktop:ntp-0:4.1.2-6.el3.s390x",
"3Desktop:ntp-0:4.1.2-6.el3.src",
"3Desktop:ntp-0:4.1.2-6.el3.x86_64",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.i386",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ia64",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ppc",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390x",
"3Desktop:ntp-debuginfo-0:4.1.2-6.el3.x86_64",
"3ES:ntp-0:4.1.2-6.el3.i386",
"3ES:ntp-0:4.1.2-6.el3.ia64",
"3ES:ntp-0:4.1.2-6.el3.ppc",
"3ES:ntp-0:4.1.2-6.el3.s390",
"3ES:ntp-0:4.1.2-6.el3.s390x",
"3ES:ntp-0:4.1.2-6.el3.src",
"3ES:ntp-0:4.1.2-6.el3.x86_64",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.i386",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.ia64",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.ppc",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.s390",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.s390x",
"3ES:ntp-debuginfo-0:4.1.2-6.el3.x86_64",
"3WS:ntp-0:4.1.2-6.el3.i386",
"3WS:ntp-0:4.1.2-6.el3.ia64",
"3WS:ntp-0:4.1.2-6.el3.ppc",
"3WS:ntp-0:4.1.2-6.el3.s390",
"3WS:ntp-0:4.1.2-6.el3.s390x",
"3WS:ntp-0:4.1.2-6.el3.src",
"3WS:ntp-0:4.1.2-6.el3.x86_64",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.i386",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.ia64",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.ppc",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.s390",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.s390x",
"3WS:ntp-debuginfo-0:4.1.2-6.el3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ntpd: DoS with mode 7 packets (VU#568372)"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…