Unrated severityNVD Advisory· Published Dec 9, 2009· Updated Jun 16, 2026
CVE-2009-3563
CVE-2009-3563
Description
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
22cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*+ 20 more
- cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*range: <=4.2.2p4
- cpe:2.3:a:ntp:ntp:4.0.72:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.0.73:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.0.90:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.0.91:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.0.92:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.0.93:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.0.94:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.0.95:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.0.96:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.0.97:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.0.98:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.0.99:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.2p1:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.2p2:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.2p3:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.5:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
43- support.ntp.org/bin/view/Main/SecurityNoticenvdPatch
- www.debian.org/security/2009/dsa-1948nvdPatch
- www.kb.cert.org/vuls/id/568372nvdPatchUS Government Resource
- www.securityfocus.com/bid/37255nvdPatch
- ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.ascnvd
- aix.software.ibm.com/aix/efixes/security/xntpd_advisory.ascnvd
- bugs.debian.org/cgi-bin/bugreport.cginvd
- kb.juniper.net/InfoCenter/indexnvd
- kb.juniper.net/InfoCenter/indexnvd
- lists.vmware.com/pipermail/security-announce/2010/000082.htmlnvd
- marc.infonvd
- marc.infonvd
- secunia.com/advisories/37629nvd
- secunia.com/advisories/37922nvd
- secunia.com/advisories/38764nvd
- secunia.com/advisories/38794nvd
- secunia.com/advisories/38832nvd
- secunia.com/advisories/38834nvd
- secunia.com/advisories/39593nvd
- security-tracker.debian.org/tracker/CVE-2009-3563nvd
- securitytracker.com/idnvd
- sunsolve.sun.com/search/document.donvd
- support.avaya.com/css/P8/documents/100071808nvd
- www-01.ibm.com/support/docview.wssnvd
- www-01.ibm.com/support/docview.wssnvd
- www.kb.cert.org/vuls/id/MAPG-7X7V6Jnvd
- www.kb.cert.org/vuls/id/MAPG-7X7VD7nvd
- www.vupen.com/english/advisories/2010/0510nvd
- www.vupen.com/english/advisories/2010/0528nvd
- www.vupen.com/english/advisories/2010/0993nvd
- bugzilla.redhat.com/show_bug.cginvd
- lists.ntp.org/pipermail/announce/2009-December/000086.htmlnvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076nvd
- rhn.redhat.com/errata/RHSA-2009-1648.htmlnvd
- rhn.redhat.com/errata/RHSA-2009-1651.htmlnvd
- rhn.redhat.com/errata/RHSA-2010-0095.htmlnvd
- support.ntp.org/bugs/show_bug.cginvd
- www.kb.cert.org/vuls/id/417980nvd
- www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.htmlnvd
News mentions
0No linked articles in our index yet.