Sign-up

ID

VAR-200912-0769


CVE

CVE-2009-3563


TITLE

Implementations of UDP-based application protocols are vulnerable to network loops

Trust: 0.8

sources: CERT/CC: VU#417980

DESCRIPTION

ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. A novel traffic-loop vulnerability has been identified against certain implementations of UDP-based applications protocols. An unauthenticated attacker can use maliciously-crafted packets against a UDP-based vulnerable implementation of application protocols (e.g., DNS, NTP, TFTP) that can lead to Denial-of-Service (DOS) and/or abuse of resources.CVE-2009-3563 Unknown CVE-2024-1309 Unknown CVE-2024-2169 AffectedCVE-2009-3563 Unknown CVE-2024-1309 Unknown CVE-2024-2169 Affected. NTP is prone to a remote denial-of-service vulnerability because it fails to properly handle certain incoming network packets. An attacker can exploit this issue to cause the application to consume excessive CPU resources and fill disk space with log messages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2010-0004 Synopsis: ESX Service Console and vMA third party updates Issue date: 2010-03-03 Updated on: 2010-03-03 (initial release of advisory) CVE numbers: CVE-2009-2905 CVE-2008-4552 CVE-2008-4316 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2009-0590 CVE-2009-4022 CVE-2009-3560 CVE-2009-3720 CVE-2009-2904 CVE-2009-3563 CVE-2009-2695 CVE-2009-2849 CVE-2009-2695 CVE-2009-2908 CVE-2009-3228 CVE-2009-3286 CVE-2009-3547 CVE-2009-3613 CVE-2009-3612 CVE-2009-3620 CVE-2009-3621 CVE-2009-3726 CVE-2008-3916 CVE-2009-1189 CVE-2009-0115 - ------------------------------------------------------------------------ 1. Summary ESX Service Console updates for newt, nfs-utils, and glib2 packages. vMA updates for newt, nfs-util, glib2, kpartx, libvolume-id, device-mapper-multipath, fipscheck, dbus, dbus-libs, ed, openssl, bind, expat, openssh, ntp and kernel packages. 2. Relevant releases VMware ESX 4.0.0 without patch ESX400-201002404-SG, ESX400-201002407-SG, ESX400-201002406-SG VMware vMA 4.0 before patch 3 3. Problem Description a. vMA and Service Console update for newt to 0.52.2-12.el5_4.1 Newt is a programming library for color text mode, widget based user interfaces. Newt can be used to add stacked windows, entry widgets, checkboxes, radio buttons, labels, plain text fields, scrollbars, etc., to text mode user interfaces. A heap-based buffer overflow flaw was found in the way newt processes content that is to be displayed in a text dialog box. A local attacker could issue a specially-crafted text dialog box display request (direct or via a custom application), leading to a denial of service (application crash) or, potentially, arbitrary code execution with the privileges of the user running the application using the newt library. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-2905 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-201002406-SG ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 Patch 3 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. b. vMA and Service Console update for vMA package nfs-utils to 1.0.9-42.el5 The nfs-utils package provides a daemon for the kernel NFS server and related tools. It was discovered that nfs-utils did not use tcp_wrappers correctly. Certain hosts access rules defined in "/etc/hosts.allow" and "/etc/hosts.deny" may not have been honored, possibly allowing remote attackers to bypass intended access restrictions. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4552 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-201002407-SG ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 Patch 3 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. c. vMA and Service Console package glib2 updated to 2.12.3-4.el5_3.1 GLib is the low-level core library that forms the basis for projects such as GTK+ and GNOME. It provides data structure handling for C, portability wrappers, and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system. Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either from or to a base64 representation. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4316 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-201002404-SG ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 Patch 3 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. d. vMA and Service Console update for openssl to 0.9.8e-12.el5 SSL is a toolkit implementing SSL v2/v3 and TLS protocols with full- strength cryptography world-wide. Multiple denial of service flaws were discovered in OpenSSL's DTLS implementation. A remote attacker could use these flaws to cause a DTLS server to use excessive amounts of memory, or crash on an invalid memory access or NULL pointer dereference. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387 to these issues. An input validation flaw was found in the handling of the BMPString and UniversalString ASN1 string types in OpenSSL's ASN1_STRING_print_ex() function. An attacker could use this flaw to create a specially-crafted X.509 certificate that could cause applications using the affected function to crash when printing certificate contents. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0590 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX affected, patch pending ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 Patch 3 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. e. vMA and Service Console package bind updated to 9.3.6-4.P1.el5_4.1 It was discovered that BIND was incorrectly caching responses without performing proper DNSSEC validation, when those responses were received during the resolution of a recursive client query that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-4022 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not applicable ESX 4.0 ESX affected, patch pending ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 Patch 3 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. f. vMA and Service Console package expat updated to 1.95.8-8.3.el5_4.2. Two buffer over-read flaws were found in the way Expat handled malformed UTF-8 sequences when processing XML files. A specially- crafted XML file could cause applications using Expat to fail while parsing the file. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-3560 and CVE-2009-3720 to these issues. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not applicable ESX 4.0 ESX affected, patch pending ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending ESX 2.5.5 ESX affected, patch pending vMA 4.0 RHEL5 Patch 3 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. g. vMA and Service Console package openssh update to 4.3p2-36.el5_4.2 A Red Hat specific patch used in the openssh packages as shipped in Red Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain ownership requirements for directories used as arguments for the ChrootDirectory configuration options. A malicious user that also has or previously had non-chroot shell access to a system could possibly use this flaw to escalate their privileges and run commands as any system user. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-2904 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not applicable ESX 4.0 ESX affected, patch pending ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 Patch 3 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. h. vMA and Service Console package ntp updated to ntp-4.2.2p1-9.el5_4.1.i386.rpm A flaw was discovered in the way ntpd handled certain malformed NTP packets. ntpd logged information about all such packets and replied with an NTP packet that was treated as malformed when received by another ntpd. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3563 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not applicable ESX 4.0 ESX affected, patch pending ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending ESX 2.5.5 ESX affected, patch pending vMA 4.0 RHEL5 Patch 3 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. i. vMA update for package kernel to 2.6.18-164.9.1.el5 Updated vMA package kernel addresses the security issues listed below. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2849 to the security issue fixed in kernel 2.6.18-128.2.1 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues fixed in kernel 2.6.18-128.6.1 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3612, CVE-2009-3620, CVE-2009-3621, CVE-2009-3726 to the security issues fixed in kernel 2.6.18-128.9.1 The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX affected, patch pending ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 Patch 3 ** * hosted products are VMware Workstation, Player, ACE, Fusion. ** vMA is updated to kernel version 2.6.18-164.9.1 j. vMA 4.0 updates for the packages kpartx, libvolume-id, device-mapper-multipath, fipscheck, dbus, dbus-libs, and ed kpartx updated to 0.4.7-23.el5_3.4, libvolume-id updated to 095-14.20.el5 device-mapper-multipath package updated to 0.4.7-23.el5_3.4, fipscheck updated to 1.0.3-1.el5, dbus updated to 1.1.2-12.el5, dbus-libs updated to 1.1.2-12.el5, and ed package updated to 0.2-39.el5_2. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2008-3916, CVE-2009-1189 and CVE-2009-0115 to these issues. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX not affected ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 3.0.2 ESX not affected ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 Patch 3 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. 4. Solution Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file. ESX 4.0 ------- https://hostupdate.vmware.com/software/VUM/OFFLINE/release-192-20100228-732 240/ESX400-201002001.zip md5sum: de62cbccaffa4b2b6831617f18c1ccb4 sha1sum: 4083f191fa4acd6600c9a87e4852f9f5700e91ab http://kb.vmware.com/kb/1018403 Note: ESX400-201002001 contains the following security bulletins ESX400-201002404-SG, ESX400-201002407-SG, and ESX400-201002406-SG. To install an individual bulletin use esxupdate with the -b option. esxupdate --bundle ESX400-201002001.zip -b ESX400-201002404-SG \ -b ESX400-201002407-SG -b ESX400-201002406-SG update vMA 4.0 ------- To update VIMA 1 Log in to VIMA as vi-admin. 2 type 'sudo /usr/sbin/vima-update update' this will apply all currently available updates. See http://tinyurl.com/yfekgrx for more information. 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2905 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4552 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4316 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2904 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2695 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2695 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2908 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3228 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3547 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3613 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3612 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3620 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3621 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3726 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3916 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1189 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0115 - ------------------------------------------------------------------------ 6. Change log 2010-03-03 VMSA-2010-0004 Initial security advisory after release of bulletins for ESX 4.0 on 2010-03-03 and release of vMA Patch 3 on 2010-02-25. - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2010 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Charset: utf-8 wj8DBQFLj1c6S2KysvBH1xkRAnl5AJ9RcHVB7qooSwOPFdVoDFTjohDypgCfZ44O 2z0ICIcntM88ZONMfDNUM6Y= =14fN -----END PGP SIGNATURE----- . =========================================================== Ubuntu Security Notice USN-867-1 December 08, 2009 ntp vulnerability CVE-2009-3563 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: ntp 1:4.2.0a+stable-8.1ubuntu6.3 ntp-server 1:4.2.0a+stable-8.1ubuntu6.3 Ubuntu 8.04 LTS: ntp 1:4.2.4p4+dfsg-3ubuntu2.3 Ubuntu 8.10: ntp 1:4.2.4p4+dfsg-6ubuntu2.4 Ubuntu 9.04: ntp 1:4.2.4p4+dfsg-7ubuntu5.2 Ubuntu 9.10: ntp 1:4.2.4p6+dfsg-1ubuntu5.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Robin Park and Dmitri Vinokurov discovered a logic error in ntpd. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3.diff.gz Size/MD5: 262833 1fdb567debfe1ce10ffc44ec492d4aa5 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3.dsc Size/MD5: 872 a6f59fefbf4050684aa38de8b24c54b3 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable.orig.tar.gz Size/MD5: 2272395 30f8b3d5b970c14dce5c6d8c922afa3e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.0a+stable-8.1ubuntu6.3_all.deb Size/MD5: 891204 35969710cca05eabef8399e53de0bdb5 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_amd64.deb Size/MD5: 35022 cf299ac36cb52399b7b80a7aa6b00c77 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_amd64.deb Size/MD5: 136402 14d2d9f6ec9a8f4edb2d674538b642a8 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_amd64.deb Size/MD5: 270524 05dfaa4fdf895ebfdf61ee43d97ef9c6 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_amd64.deb Size/MD5: 47932 ee2a72cdc8d20e545443bbcf086c6f82 http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_amd64.deb Size/MD5: 224268 d9daac981b2dd6d16d69d4bfc0f1d4bf i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_i386.deb Size/MD5: 33926 4a79ecdb4d1fa3d407fca23c00292a9d http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_i386.deb Size/MD5: 121710 77db2cb6c9daa84d6174fbe277a96c44 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_i386.deb Size/MD5: 256764 7aeb8e664a3ff16608fc880a108a8645 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_i386.deb Size/MD5: 44598 1e3067b9f7fee43a3f0b18ec9d4b356b http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_i386.deb Size/MD5: 198516 a0066ee286571189f7f6099bd8a2c220 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb Size/MD5: 37162 3b19f883b00809d36ae9bd79114955c1 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb Size/MD5: 135184 d1419b2d9aff1392c78bab2911114c2a http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb Size/MD5: 271468 856ffca2e1d79bfd730aec3bcc1ce497 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb Size/MD5: 49266 2cee0d14d9d1deafb78b26041d1ed05a http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb Size/MD5: 222168 42ef5dfaddb9e1fe9b9933119cdbe9ab sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_sparc.deb Size/MD5: 34428 09539a35a435d11f12ed9f5bd9534771 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_sparc.deb Size/MD5: 126814 8e2066b695d32e08355bfdc0f571c705 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_sparc.deb Size/MD5: 261652 1e4142216eb7ff527ce1f59b2ad2d0af http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_sparc.deb Size/MD5: 46790 7d456f67bea9e6c3f2452a5d6a847f67 http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_sparc.deb Size/MD5: 207566 433dca719ea61cca73b993a530299fae Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3.diff.gz Size/MD5: 287172 dfb60aa2cd60f61907856f5b50c8fc46 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3.dsc Size/MD5: 1046 251a7ead6fcf835535176b89ed7cc3d4 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz Size/MD5: 2835029 dc2b3ac9cc04b0f29df35467514c9884 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-3ubuntu2.3_all.deb Size/MD5: 928116 28eb96c89717c9fdfe39b3f140428484 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_amd64.deb Size/MD5: 477388 bc91b335e5963954d4284d0b57b37c40 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_amd64.deb Size/MD5: 65194 185195f8e2df78f7dfbba5b88be482ce i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_i386.deb Size/MD5: 432592 0ec673d7b4507cb992091a7b63007826 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_i386.deb Size/MD5: 61224 fbf4533c390ea05b7149e370815983e1 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_lpia.deb Size/MD5: 435450 1be0d440cf6bcf5048139c856b85106b http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_lpia.deb Size/MD5: 61184 a1b2a4c34beee7210e322b2f05d94095 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_powerpc.deb Size/MD5: 490538 e6adb5a7bde67fc04b543664e6ef748f http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_powerpc.deb Size/MD5: 66780 35b709a20016e07b383362610ae2b45a sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_sparc.deb Size/MD5: 442346 212fc209067ce419756fa2d6f486fd33 http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_sparc.deb Size/MD5: 61964 7937872f5231323d82c98f0ace751a79 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4.diff.gz Size/MD5: 305723 ea6556c8f4053f2abd79e4cf96633a65 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4.dsc Size/MD5: 1555 fa669b54aac2751215e1fbac226bf51e http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz Size/MD5: 2835029 dc2b3ac9cc04b0f29df35467514c9884 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-6ubuntu2.4_all.deb Size/MD5: 928754 eaa802a30b795ce27417c0f8fd612564 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_amd64.deb Size/MD5: 487270 83aef0ae73d841ca98c1aff95b68b974 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_amd64.deb Size/MD5: 66118 b1d338d727c1fbb479a0298e67cf920c i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_i386.deb Size/MD5: 442316 9441f50fefcd831651417c8e66353769 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_i386.deb Size/MD5: 62320 67f26e8efd2233911b3ee5d5c779da52 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_lpia.deb Size/MD5: 441714 cc6ffa5cf9f82b707ebf77291c0c7c2b http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_lpia.deb Size/MD5: 62086 d4c4d6efa2ae6c85b400d73bd39cac8d powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_powerpc.deb Size/MD5: 491332 f4016ec402c0665df5241555af9a04ed http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_powerpc.deb Size/MD5: 67198 47c3dd10eae821a9d1abcf77a85d6651 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_sparc.deb Size/MD5: 449572 4a168bf44988c1da63a39bd14b17b682 http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_sparc.deb Size/MD5: 62834 0ae1f43f7f327de4ab787c911f0fd1ca Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2.diff.gz Size/MD5: 306032 90b99d80d9e52e4db7e30b96002834b4 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2.dsc Size/MD5: 1556 b6f57df7732c6fd3a29de6d4c65c421d http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz Size/MD5: 2835029 dc2b3ac9cc04b0f29df35467514c9884 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-7ubuntu5.2_all.deb Size/MD5: 929066 4230567b7ef012596cd5e291df13df76 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_amd64.deb Size/MD5: 487628 3789b894fe98014ed8b62fc910088d2a http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_amd64.deb Size/MD5: 66442 b43e6e46f0c035961fa2e382bd883fe2 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_i386.deb Size/MD5: 442634 efaf8cc0f84114fe6d426827f22e3db4 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_i386.deb Size/MD5: 62642 7c9ce030867f9809b49634bdcc2a57a3 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_lpia.deb Size/MD5: 442086 4dd3ea7d09c746a592b0b622f4fcb753 http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_lpia.deb Size/MD5: 62410 77fa9c143489ea55da37adcd9f268e6b powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_powerpc.deb Size/MD5: 491526 d04d12ed5ebc7968a90894d92ca094c6 http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_powerpc.deb Size/MD5: 67530 55cffc037f6a88b24abd399925e700c3 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_sparc.deb Size/MD5: 449666 7dbdc0aa05e90a9363dfcae003c3e531 http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_sparc.deb Size/MD5: 63156 4647b041df35cabb86fb0789e3a083ce Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1.diff.gz Size/MD5: 344395 26dd6961151053346b36474a18d6412f http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1.dsc Size/MD5: 1575 c86cc4fe026ee6830d6564cabeaedc61 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg.orig.tar.gz Size/MD5: 2836728 bddc66cdc7c35c0cb22cc84cad770c65 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p6+dfsg-1ubuntu5.1_all.deb Size/MD5: 931324 bcc11545b9399ca7e09268a85fd6eabf amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_amd64.deb Size/MD5: 529994 c766915925a1cccbd27332232a45e016 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_amd64.deb Size/MD5: 70098 968cdde0e47a775cf13b922c7f2308f5 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_i386.deb Size/MD5: 490892 83e3785020b3cb659b6559cb51632333 http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_i386.deb Size/MD5: 66770 34bd54ff829c032049dc8d7340984b4c lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_lpia.deb Size/MD5: 487552 f7ad919e64533aed59112c2fe5c49fd9 http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_lpia.deb Size/MD5: 66316 4a2cd9cdf5cfa46ad3784c37f7c29502 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_powerpc.deb Size/MD5: 528880 401e4a455acdf2a14c5f556e8cae1911 http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_powerpc.deb Size/MD5: 69390 9e0e3535fbe3ffe61be245ddd22e5d6c sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_sparc.deb Size/MD5: 499646 6059b8a5f9f216b8de00eed901af902e http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_sparc.deb Size/MD5: 67272 8d04c1e93ca4acd7a4eaac04008326b3 . Corrected: 2010-01-06 21:45:30 UTC (RELENG_8, 8.0-STABLE) 2010-01-06 21:45:30 UTC (RELENG_8_0, 8.0-RELEASE-p2) 2010-01-06 21:45:30 UTC (RELENG_7, 7.2-STABLE) 2010-01-06 21:45:30 UTC (RELENG_7_2, 7.2-RELEASE-p6) 2010-01-06 21:45:30 UTC (RELENG_7_1, 7.1-RELEASE-p10) 2010-01-06 21:45:30 UTC (RELENG_6, 6.4-STABLE) 2010-01-06 21:45:30 UTC (RELENG_6_4, 6.4-RELEASE-p9) 2010-01-06 21:45:30 UTC (RELENG_6_3, 6.3-RELEASE-p15) CVE Name: CVE-2009-3563 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>. Background The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP) used to synchronize the time of a computer system to a reference time source. II. Problem Description If ntpd receives a mode 7 (MODE_PRIVATE) request or error response from a source address not listed in either a 'restrict ... noquery' or a 'restrict ... ignore' section it will log the even and send a mode 7 error response. III. IV. Workaround Proper filtering of mode 7 NTP packets by a firewall can limit the number of systems used to attack your resources. Solution Perform one of the following: 1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE or 8-STABLE, or to the RELENG_8_0, RELENG_7_2, RELENG_7_1, RELENG_6_4, or RELENG_6_3 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 6.3, 6.4, 7.1, 7.2, and 8.0 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-10:02/ntpd.patch # fetch http://security.FreeBSD.org/patches/SA-10:02/ntpd.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # cd /usr/src/usr.sbin/ntp/ntpd # make obj && make depend && make && make install # /etc/rc.d/ntpd restart VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_6 src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.8.2 RELENG_6_4 src/UPDATING 1.416.2.40.2.13 src/sys/conf/newvers.sh 1.69.2.18.2.15 src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.8.1.2.1 RELENG_6_3 src/UPDATING 1.416.2.37.2.20 src/sys/conf/newvers.sh 1.69.2.15.2.19 src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.20.1 RELENG_7 src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.18.2 RELENG_7_2 src/UPDATING 1.507.2.23.2.9 src/sys/conf/newvers.sh 1.72.2.11.2.10 src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.18.1.4.1 RELENG_7_1 src/UPDATING 1.507.2.13.2.13 src/sys/conf/newvers.sh 1.72.2.9.2.14 src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.18.1.2.1 RELENG_8 src/contrib/ntp/ntpd/ntp_request.c 1.2.2.1 RELENG_8_0 src/UPDATING 1.632.2.7.2.5 src/sys/conf/newvers.sh 1.83.2.6.2.5 src/contrib/ntp/ntpd/ntp_request.c 1.2.4.1 - ------------------------------------------------------------------------- Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/6/ r201679 releng/6.4/ r201679 releng/6.3/ r201679 stable/7/ r201679 releng/7.2/ r201679 releng/7.1/ r201679 stable/8/ r201679 releng/8.0/ r201679 head/ r200576 - ------------------------------------------------------------------------- VII. Release Date: 2013-03-27 Last Updated: 2013-05-14 Potential Security Impact: Remote Denial of Service (DoS), execution of arbitrary code Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely to create a Denial of Service (DoS) or execute arbitrary code. References: CVE-2009-3563, CVE-2009-0159 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.31 running XNTP version 3.5 without PHNE_41177. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2009-3563 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 CVE-2009-0159 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following upgrade and patch to resolve these vulnerabilities. The upgrade is available by downloading from software.hp.com -> HPUX 11i Software -> Internet ready and networking -> HP-UX Network Time Protocol version 4 or directly from https://h20392.www2.hp.com/portal/swdepot/displayP roductInfo.do?productNumber=HPUX-NTP Please review the Installation link at the bottom of the page. NOTE: Patch PHNE_42470 is a required patch, necessary for reliable system operation MANUAL ACTIONS: Yes - Update PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.31 ================== NTP.INETSVCS2-BOOT NTP.NTP-AUX NTP.NTP-RUN action: install revision C.4.2.6.0.0 or subsequent Networking.NET-PRG Networking.NET-RUN OS-Core.SYS-ADMIN ProgSupport.C-INC Networking.NET-RUN-64 Networking.NET2-KRN Networking.NET2-RUN Networking.NMS2-KRN OS-Core.CORE2-KRN OS-Core.SYS2-ADMIN Networking.NET-RUN-64 Networking.NET2-KRN Networking.NET2-RUN Networking.NMS2-KRN OS-Core.CORE2-KRN OS-Core.SYS2-ADMIN action: install patch PHNE_42470 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 27 March 2013 Initial release Version:2 (rev.2) - 8 April 2013 Corrected typo in References section Version:3 (rev.3) - 14 May 2013 Added required patch to Resolution section Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2013 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Workaround ========== There is no known workaround at this time. Resolution ========== All NTP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.4_p7-r1" References ========== [ 1 ] CVE-2009-3563 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201001-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.43

sources: NVD: CVE-2009-3563 // CERT/CC: VU#417980 // BID: 37255 // VULMON: CVE-2009-3563 // PACKETSTORM: 86900 // PACKETSTORM: 83609 // PACKETSTORM: 84917 // PACKETSTORM: 121645 // PACKETSTORM: 84704

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications manager 5.1scope: - version: -

Trust: 2.1

vendor:ntpmodel:ntpscope:eqversion:4.1.2

Trust: 1.9

vendor:ntpmodel:ntpscope:eqversion:4.2.2p2

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.0.91

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.2.2p3

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.0.93

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.2.2p1

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.0.73

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.0.92

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.0.90

Trust: 1.6

vendor:ntpmodel:ntpscope:eqversion:4.0.94

Trust: 1.6

vendor:ntpmodel:ntpscope:lteversion:4.2.2p4

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.2.2

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.0.72

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.0.96

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.0.97

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.2.5

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.2.0

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.1.0

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.0.98

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.0.95

Trust: 1.0

vendor:ntpmodel:ntpscope:eqversion:4.0.99

Trust: 1.0

vendor:ciscomodel:unified communications manager su1scope:eqversion:6.1

Trust: 0.6

vendor:ciscomodel:unified callmanager 4.3 sr1ascope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 131scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified meetingplace expressscope:eqversion:0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 95scope: - version: -

Trust: 0.3

vendor:debianmodel:linux hppascope:eqversion:5.0

Trust: 0.3

vendor:freebsdmodel:-release-p2scope:eqversion:7.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 54scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 93scope: - version: -

Trust: 0.3

vendor:hpmodel:tcp/ip services for openvms alphascope:eqversion:5.4

Trust: 0.3

vendor:nortelmodel:networks enterprise voip tm-cs1000scope: - version: -

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.1.1

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:4.0

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.3

Trust: 0.3

vendor:qnxmodel:rtosscope:eqversion:6.1

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.0.3

Trust: 0.3

vendor:ciscomodel:ace appliancescope:eqversion:0

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:4

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:meeting exchange sp1scope:eqversion:5.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 121scope: - version: -

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.4.5

Trust: 0.3

vendor:f5model:big-ip application security managerscope:eqversion:9.4.7

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.0.5

Trust: 0.3

vendor:sunmodel:opensolaris build snv 99scope: - version: -

Trust: 0.3

vendor:avayamodel:cms serverscope:eqversion:15.0

Trust: 0.3

vendor:qnxmodel:rtosscope:eqversion:6.3.2

Trust: 0.3

vendor:ciscomodel:unified callmanager 4.1 sr5scope: - version: -

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:4.0.2

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:2.0

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.7

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.2.2

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.6.1

Trust: 0.3

vendor:sunmodel:solaris 8 sparcscope: - version: -

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.3

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:6.06

Trust: 0.3

vendor:ciscomodel:unified callmanager 3.3 sr2ascope: - version: -

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 100scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 124scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 123scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:7.0

Trust: 0.3

vendor:f5model:big-ip buildscope:eqversion:9.2413.1

Trust: 0.3

vendor:debianmodel:linux alphascope:eqversion:4.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 49scope: - version: -

Trust: 0.3

vendor:debianmodel:linux mipselscope:eqversion:4.0

Trust: 0.3

vendor:freebsdmodel:-release-p5scope:eqversion:6.0

Trust: 0.3

vendor:ciscomodel:wide area application servicesscope:eqversion:4.0.17

Trust: 0.3

vendor:sunmodel:opensolaris build snv 114scope: - version: -

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:5.1

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2009.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:9.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 128scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 85scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 19scope: - version: -

Trust: 0.3

vendor:ciscomodel:nexusscope:eqversion:70000

Trust: 0.3

vendor:sunmodel:opensolaris build snv 107scope: - version: -

Trust: 0.3

vendor:ciscomodel:wireless location appliancescope:eqversion:0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 45scope: - version: -

Trust: 0.3

vendor:freebsdmodel:-prereleasescope:eqversion:7.0

Trust: 0.3

vendor:ciscomodel:unified communicationsscope:eqversion:5000

Trust: 0.3

vendor:ciscomodel:wide area application servicesscope:eqversion:0

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:3.1

Trust: 0.3

vendor:avayamodel:meeting exchange sp2scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:cms serverscope:eqversion:14.1

Trust: 0.3

vendor:vmwaremodel:vmascope:eqversion:4.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 78scope: - version: -

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 108scope: - version: -

Trust: 0.3

vendor:qnxmodel:rtosscope:neversion:6.4.2

Trust: 0.3

vendor:sunmodel:opensolaris build snv 28scope: - version: -

Trust: 0.3

vendor:f5model:big-ip application security managerscope:eqversion:9.4.8

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:9.10

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.2

Trust: 0.3

vendor:ciscomodel:unified callmanager sr5cscope:eqversion:4.1

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.4.3

Trust: 0.3

vendor:ciscomodel:unified callmanager 3.3 sr2bscope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 89scope: - version: -

Trust: 0.3

vendor:freebsdmodel:6.3-release-p10scope: - version: -

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:1.0

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.4.6

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:6.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 39scope: - version: -

Trust: 0.3

vendor:avayamodel:message networking mnscope:eqversion:3.1

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:3

Trust: 0.3

vendor:freebsdmodel:-release-p8scope:eqversion:6.3

Trust: 0.3

vendor:ntpmodel:p1scope:eqversion:4.2.2

Trust: 0.3

vendor:ubuntumodel:linux lpiascope:eqversion:9.04

Trust: 0.3

vendor:avayamodel:cms serverscope:eqversion:14.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 90scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 68scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications manager 7.0scope: - version: -

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:4.0

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:4.3

Trust: 0.3

vendor:hpmodel:tcp/ip services for openvms alphascope:eqversion:5.5

Trust: 0.3

vendor:freebsdmodel:6.3-release-p11scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 67scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 120scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 51scope: - version: -

Trust: 0.3

vendor:freebsdmodel:7.2-rc2scope: - version: -

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.6

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:5.1(3)

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:6.0(1)

Trust: 0.3

vendor:freebsdmodel:7.0-release-p12scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified callmanager 4.1 sr8ascope: - version: -

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.1

Trust: 0.3

vendor:ciscomodel:unified callmanager 4.3 sr1scope: - version: -

Trust: 0.3

vendor:avayamodel:aura system platform sp1.1scope: - version: -

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2010.0

Trust: 0.3

vendor:qnxmodel:rtosscope:eqversion:6.2.1

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:6.3

Trust: 0.3

vendor:sunmodel:opensolaris build snv 77scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 61scope: - version: -

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:1.0

Trust: 0.3

vendor:freebsdmodel:7.1-release-p4scope: - version: -

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2009.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 82scope: - version: -

Trust: 0.3

vendor:freebsdmodel:7.0-stablescope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 29scope: - version: -

Trust: 0.3

vendor:avayamodel:meeting exchange sp1scope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux armelscope:eqversion:5.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 41scope: - version: -

Trust: 0.3

vendor:f5model:big-ip application security managerscope:eqversion:9.4.5

Trust: 0.3

vendor:ciscomodel:ace xml gatewayscope:eqversion:0

Trust: 0.3

vendor:mandrakesoftmodel:multi network firewallscope:eqversion:2.0

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:4.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 126scope: - version: -

Trust: 0.3

vendor:freebsdmodel:7.2-release-p4scope: - version: -

Trust: 0.3

vendor:vmwaremodel:esxi serverscope:eqversion:3.5

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:5.0.1

Trust: 0.3

vendor:freebsdmodel:7.1-release-p5scope: - version: -

Trust: 0.3

vendor:freebsdmodel:7.0-release-p8scope: - version: -

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.0

Trust: 0.3

vendor:rpathmodel:linuxscope:eqversion:1

Trust: 0.3

vendor:mandrakesoftmodel:corporate server x86 64scope:eqversion:4.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 35scope: - version: -

Trust: 0.3

vendor:hpmodel:tcp/ip services for openvms alphascope:eqversion:5.6

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.1

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:7.0(2)

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.2

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0(4)

Trust: 0.3

vendor:junipermodel:ctpos 6.6r2scope:neversion: -

Trust: 0.3

vendor:avayamodel:intuity audix lx sp2scope:eqversion:2.0

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop versionscope:eqversion:4

Trust: 0.3

vendor:ciscomodel:mdsscope:eqversion:95000

Trust: 0.3

vendor:ciscomodel:unified callmanager 3.3 sr3scope: - version: -

Trust: 0.3

vendor:hpmodel:tcp/ip services for openvms i64scope:eqversion:5.5

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:4.2

Trust: 0.3

vendor:sunmodel:opensolaris build snv 130scope: - version: -

Trust: 0.3

vendor:freebsdmodel:7.1-stablescope: - version: -

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.0

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop clientscope:eqversion:5

Trust: 0.3

vendor:sunmodel:opensolaris build snv 105scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications manager 6.1scope: - version: -

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:5.0

Trust: 0.3

vendor:freebsdmodel:-pre-releasescope:eqversion:7.1

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:6.06

Trust: 0.3

vendor:ciscomodel:wide area application servicesscope:eqversion:4.0.19

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:messaging storage serverscope: - version: -

Trust: 0.3

vendor:ciscomodel:unified callmanager 4.1 sr4scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:5.1(2)

Trust: 0.3

vendor:sunmodel:opensolaris build snv 88scope: - version: -

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:4.0

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2008.0

Trust: 0.3

vendor:freebsdmodel:8.0-releasescope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications manager 7.1 su1scope: - version: -

Trust: 0.3

vendor:sunmodel:sparc t3-1bscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:6.0

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:4.1

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:0

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:8.04

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:5.0

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0(3)

Trust: 0.3

vendor:avayamodel:cms serverscope:eqversion:16.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 111scope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:8.04

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.2

Trust: 0.3

vendor:sunmodel:opensolaris build snv 118scope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:7.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 59scope: - version: -

Trust: 0.3

vendor:freebsdmodel:7.2-prereleasescope: - version: -

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:4.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:8.1

Trust: 0.3

vendor:ciscomodel:wide area application servicesscope:eqversion:4.0.18

Trust: 0.3

vendor:debianmodel:linuxscope:eqversion:5.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 112scope: - version: -

Trust: 0.3

vendor:mandrakesoftmodel:corporate server x86 64scope:eqversion:3.0

Trust: 0.3

vendor:sunmodel:sparc t3-2scope:eqversion:0

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:4.0

Trust: 0.3

vendor:freebsdmodel:7.2-stablescope: - version: -

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.0

Trust: 0.3

vendor:sunmodel:solaris 8 x86scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:6.1(3)

Trust: 0.3

vendor:ntpmodel:p8scope:neversion:4.2.4

Trust: 0.3

vendor:sunmodel:solaris 10 sparcscope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 96scope: - version: -

Trust: 0.3

vendor:qnxmodel:rtosscope:eqversion:6.4

Trust: 0.3

vendor:hpmodel:tcp/ip services for openvms alphascope:eqversion:5.7

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:9.10

Trust: 0.3

vendor:freebsdmodel:-release-p9scope:eqversion:6.3

Trust: 0.3

vendor:rpathmodel:appliance platform linux servicescope:eqversion:1

Trust: 0.3

vendor:sunmodel:netra sparc t3-1bscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:6.1(4)

Trust: 0.3

vendor:debianmodel:linux alphascope:eqversion:5.0

Trust: 0.3

vendor:freebsdmodel:-release-p3scope:eqversion:6.4

Trust: 0.3

vendor:susemodel:linux enterprise server sp3scope:eqversion:10

Trust: 0.3

vendor:sunmodel:opensolaris build snv 132scope: - version: -

Trust: 0.3

vendor:qnxmodel:rtosscope:eqversion:6.3

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:3.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 36scope: - version: -

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:4.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 48scope: - version: -

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:susemodel:linux enterprise serverscope:eqversion:9

Trust: 0.3

vendor:freebsdmodel:-release-p1scope:eqversion:7.1

Trust: 0.3

vendor:hpmodel:tcp/ip services for openvms i64scope:eqversion:5.4

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:3.1.3

Trust: 0.3

vendor:sunmodel:opensolaris build snv 94scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications manager 4.3 sr1bscope: - version: -

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:4.0

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:4

Trust: 0.3

vendor:ciscomodel:unified callmanager 4.1 sr7scope: - version: -

Trust: 0.3

vendor:freebsdmodel:-release-p6scope:eqversion:6.3

Trust: 0.3

vendor:sunmodel:opensolaris build snv 50scope: - version: -

Trust: 0.3

vendor:qnxmodel:rtos update patch ascope:eqversion:6.2

Trust: 0.3

vendor:ciscomodel:unified callmanager 4.2 sr4bscope: - version: -

Trust: 0.3

vendor:freebsdmodel:8.0-stablescope: - version: -

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1

Trust: 0.3

vendor:freebsdmodel:7.1-release-p6scope: - version: -

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.0

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.0.1

Trust: 0.3

vendor:freebsdmodel:-release-p9scope:eqversion:7.0

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:3.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:5.0

Trust: 0.3

vendor:ciscomodel:wide area application services 4.1.1bscope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications manager sr4scope:eqversion:4.2

Trust: 0.3

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:10.0

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:3.1.6

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:3.1.4

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2009.1

Trust: 0.3

vendor:ntpmodel:p4scope:eqversion:4.2.4

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:9.04

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.9

Trust: 0.3

vendor:sunmodel:opensolaris build snv 01scope: - version: -

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2

Trust: 0.3

vendor:sunmodel:opensolaris build snv 92scope: - version: -

Trust: 0.3

vendor:slackwaremodel:linux x86 64 -currentscope: - version: -

Trust: 0.3

vendor:rpathmodel:linuxscope:eqversion:2

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:5.0

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.1.1

Trust: 0.3

vendor:qnxmodel:rtosscope:eqversion:4.25

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.0.2

Trust: 0.3

vendor:sunmodel:opensolaris build snv 83scope: - version: -

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 106scope: - version: -

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:5.0

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:6.0

Trust: 0.3

vendor:freebsdmodel:6.4-release-p2scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 125scope: - version: -

Trust: 0.3

vendor:freebsdmodel:7.0-release-p3scope: - version: -

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:6.4

Trust: 0.3

vendor:ciscomodel:telepresence readiness assessment managerscope:eqversion:1.0

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:4.0.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:9.0

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:ciscomodel:wide area application servicesscope:eqversion:4.0.9

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:3.0.2

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.3.1

Trust: 0.3

vendor:junipermodel:idp 5.1r4scope:neversion: -

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.1

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:3.1

Trust: 0.3

vendor:pardusmodel:linuxscope:eqversion:20080

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:3

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.2

Trust: 0.3

vendor:freebsdmodel:6.4-release-p4scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 76scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:7.1(2)

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.4

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:3.0

Trust: 0.3

vendor:freebsdmodel:7.0-releasescope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 101ascope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:8.10

Trust: 0.3

vendor:sunmodel:opensolaris build snv 111ascope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 87scope: - version: -

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2010.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 113scope: - version: -

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2009.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 57scope: - version: -

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:7.0

Trust: 0.3

vendor:ciscomodel:unified communication manager business editionscope:eqversion:0

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.0.4

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:6.0.x

Trust: 0.3

vendor:ciscomodel:meetingplacescope: - version: -

Trust: 0.3

vendor:rpathmodel:appliance platform linux servicescope:eqversion:2

Trust: 0.3

vendor:sunmodel:opensolaris build snv 119scope: - version: -

Trust: 0.3

vendor:ciscomodel:wide area application servicesscope:eqversion:4.0.13

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:6.06

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:4.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:10.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:10.2

Trust: 0.3

vendor:sunmodel:opensolaris build snv 110scope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:9.10

Trust: 0.3

vendor:ciscomodel:unified communications manager 4.2 sr2scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 71scope: - version: -

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:3.1

Trust: 0.3

vendor:ubuntumodel:linux lts lpiascope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:9.10

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.8

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:9.04

Trust: 0.3

vendor:sunmodel:sparc t3-4scope:eqversion:0

Trust: 0.3

vendor:qnxmodel:rtosscope:eqversion:6.4.1

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:4.3(2)

Trust: 0.3

vendor:ciscomodel:unified communications manager 4.3 sr1scope: - version: -

Trust: 0.3

vendor:ciscomodel:telepresence recording serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified callmanager 5.0scope: - version: -

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:4

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:5.1

Trust: 0.3

vendor:ciscomodel:unified callmanager 5.0 su1scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified callmanager 4.1 sr8scope: - version: -

Trust: 0.3

vendor:f5model:big-ip application security managerscope:eqversion:9.4.3

Trust: 0.3

vendor:debianmodel:linux m68kscope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:4.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 122scope: - version: -

Trust: 0.3

vendor:hpmodel:tcp/ip services for openvms i64scope:eqversion:5.6

Trust: 0.3

vendor:f5model:big-ip application security managerscope:eqversion:9.4.6

Trust: 0.3

vendor:hpmodel:hp-ux b.11.31scope: - version: -

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:4.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 109scope: - version: -

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.2.5

Trust: 0.3

vendor:debianmodel:linux hppascope:eqversion:4.0

Trust: 0.3

vendor:ciscomodel:digital media playerscope:eqversion:0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 102scope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:9.04

Trust: 0.3

vendor:sunmodel:solaris 9 sparcscope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 02scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified callmanager sr5bscope:eqversion:4.1

Trust: 0.3

vendor:freebsdmodel:6.0-relengscope: - version: -

Trust: 0.3

vendor:debianmodel:linux mipselscope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:8.10

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.2.2

Trust: 0.3

vendor:ntpmodel:4.2.0.ascope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 80scope: - version: -

Trust: 0.3

vendor:debianmodel:linuxscope:eqversion:4.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 104scope: - version: -

Trust: 0.3

vendor:ciscomodel:ip interoperability & communications system ipicsscope:eqversion:0

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:8.10

Trust: 0.3

vendor:sunmodel:netra sparc t3-1scope:eqversion:0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 56scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 38scope: - version: -

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.0

Trust: 0.3

vendor:ciscomodel:unified communications manager sr2bscope:eqversion:4.2

Trust: 0.3

vendor:qnxmodel:rtosscope:eqversion:6.2

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.0

Trust: 0.3

vendor:sunmodel:sparc t3-1scope:eqversion:0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 129scope: - version: -

Trust: 0.3

vendor:qnxmodel:rtos sp3scope:eqversion:6.3.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:10.0

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:6.0

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0(2)

Trust: 0.3

vendor:avayamodel:intuity audix lx r1.1scope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:6.06

Trust: 0.3

vendor:freebsdmodel:beta4scope:eqversion:7.0

Trust: 0.3

vendor:qnxmodel:rtosscope:eqversion:2.4

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:7.1

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:6.4

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:3.3

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.2

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:8.10

Trust: 0.3

vendor:avayamodel:intuity audix lxscope:eqversion:1.0

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:8.04

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.2.3.30

Trust: 0.3

vendor:hpmodel:tcp/ip services for openvms i64scope:eqversion:5.7

Trust: 0.3

vendor:freebsdmodel:7.2-release-p1scope: - version: -

Trust: 0.3

vendor:f5model:big-ip application security managerscope:eqversion:9.4.4

Trust: 0.3

vendor:sunmodel:opensolaris build snv 84scope: - version: -

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:11.0

Trust: 0.3

vendor:avayamodel:intuity audix lx sp1scope:eqversion:2.0

Trust: 0.3

vendor:susemodel:linux enterprise server sp2scope:eqversion:10

Trust: 0.3

vendor:avayamodel:messaging storage server mm3.0scope: - version: -

Trust: 0.3

vendor:ciscomodel:ace application control enginescope:eqversion:47000

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 98scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 117scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 133scope:neversion: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 58scope: - version: -

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:4.0

Trust: 0.3

vendor:slackwaremodel:linux -currentscope: - version: -

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:4.0

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.2.3

Trust: 0.3

vendor:sunmodel:opensolaris build snv 86scope: - version: -

Trust: 0.3

vendor:ciscomodel:nexusscope:eqversion:50000

Trust: 0.3

vendor:sunmodel:opensolaris build snv 22scope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux lpiascope:eqversion:9.10

Trust: 0.3

vendor:sunmodel:opensolaris build snv 81scope: - version: -

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.0

Trust: 0.3

vendor:avayamodel:message networkingscope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 103scope: - version: -

Trust: 0.3

vendor:vmwaremodel:esxi serverscope:eqversion:4.0

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0

Trust: 0.3

vendor:junipermodel:ctpos 6.6r1scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:5.1(1)

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:4.0

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:freebsdmodel:7.0-release-p11scope: - version: -

Trust: 0.3

vendor:netbsdmodel:beta2scope:eqversion:4.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 13scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications manager 4.3 sr.1scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:6.1(1)

Trust: 0.3

vendor:ciscomodel:unified callmanagerscope:eqversion:5.0(1)

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:ntpmodel:p4scope:eqversion:4.2.2

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:9.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 91scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications manager 7.0 su1scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:6.1(2)

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:4.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 47scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 64scope: - version: -

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:5.0

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.10

Trust: 0.3

vendor:sunmodel:opensolaris build snv 37scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 101scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications manager sr3scope:eqversion:4.2

Trust: 0.3

vendor:sunmodel:opensolaris build snv 115scope: - version: -

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:3.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux armelscope:eqversion:4.0

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:3

Trust: 0.3

vendor:sunmodel:solaris 10 x86scope: - version: -

Trust: 0.3

vendor:redhatmodel:desktopscope:eqversion:3.0

Trust: 0.3

vendor:ubuntumodel:linux lpiascope:eqversion:8.10

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:6.3

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:9.04

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2008.0

Trust: 0.3

vendor:avayamodel:intuity audix lxscope:eqversion:2.0

Trust: 0.3

vendor:sunmodel:solaris 9 x86scope: - version: -

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:5.0

Trust: 0.3

vendor:ciscomodel:unified meetingplacescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:wide area application servicesscope:eqversion:4.0.7

Trust: 0.3

vendor:sunmodel:opensolaris build snv 116scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 127scope: - version: -

Trust: 0.3

vendor:junipermodel:idpscope:eqversion:5.1

Trust: 0.3

vendor:freebsdmodel:6.4-relengscope: - version: -

Trust: 0.3

vendor:debianmodel:linux m68kscope:eqversion:5.0

Trust: 0.3

vendor:ciscomodel:unified callmanager 4.2 sr1scope: - version: -

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:5.0

Trust: 0.3

vendor:freebsdmodel:6.4-release-p5scope: - version: -

Trust: 0.3

sources: BID: 37255 // CNNVD: CNNVD-200912-113 // NVD: CVE-2009-3563

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-3563
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200912-113
value: MEDIUM

Trust: 0.6

VULMON: CVE-2009-3563
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2009-3563
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

sources: VULMON: CVE-2009-3563 // CNNVD: CNNVD-200912-113 // NVD: CVE-2009-3563

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2009-3563

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 83609 // CNNVD: CNNVD-200912-113

TYPE

design error

Trust: 0.6

sources: CNNVD: CNNVD-200912-113

PATCH

title:Debian CVElist Bug Report Logs: ntp: CVE-2009-3563 DoS through mode 7 packetsurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=6af87915827741e9268f059d7932cd80

Trust: 0.1

title:Ubuntu Security Notice: ntp vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-867-1

Trust: 0.1

title:Debian Security Advisories: DSA-1948-1 ntp -- denial of serviceurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=dccc5b29483e1b8bed9fa984fc8c8c6e

Trust: 0.1

title:Cisco: Network Time Protocol Package Remote Message Loop Denial of Service Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20091208-CVE-2009-3563

Trust: 0.1

title:Debian Security Advisories: DSA-1992-1 chrony -- several vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=0329811e8a24491e35ce229b8b52259d

Trust: 0.1

title:VMware Security Advisories: ESX Service Console and vMA third party updatesurl:https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories&qid=5f45ebecc93cf53cc0b45af03208cba6

Trust: 0.1

title:VMware Security Advisories: ESXi utilities and ESX Service Console third party updatesurl:https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories&qid=9ca0d654a28a118d1f99d0ae3b1753e8

Trust: 0.1

sources: VULMON: CVE-2009-3563

EXTERNAL IDS

db:NVDid:CVE-2009-3563

Trust: 3.3

db:CERT/CCid:VU#568372

Trust: 2.1

db:BIDid:37255

Trust: 2.0

db:CERT/CCid:VU#417980

Trust: 1.8

db:SECTRACKid:1023298

Trust: 1.7

db:VUPENid:ADV-2010-0510

Trust: 1.1

db:VUPENid:ADV-2010-0528

Trust: 1.1

db:VUPENid:ADV-2010-0993

Trust: 1.1

db:SECUNIAid:37922

Trust: 1.1

db:SECUNIAid:37629

Trust: 1.1

db:SECUNIAid:38832

Trust: 1.1

db:SECUNIAid:38834

Trust: 1.1

db:SECUNIAid:38764

Trust: 1.1

db:SECUNIAid:39593

Trust: 1.1

db:SECUNIAid:38794

Trust: 1.1

db:JUNIPERid:JSA10673

Trust: 1.1

db:JUNIPERid:JSA10691

Trust: 1.1

db:FEDORAid:FEDORA-2009-13090

Trust: 0.6

db:FEDORAid:FEDORA-2009-13121

Trust: 0.6

db:REDHATid:RHSA-2010:0095

Trust: 0.6

db:REDHATid:RHSA-2009:1651

Trust: 0.6

db:REDHATid:RHSA-2009:1648

Trust: 0.6

db:DEBIANid:DSA-1948

Trust: 0.6

db:CNNVDid:CNNVD-200912-113

Trust: 0.6

db:VULMONid:CVE-2009-3563

Trust: 0.1

db:PACKETSTORMid:86900

Trust: 0.1

db:PACKETSTORMid:83609

Trust: 0.1

db:PACKETSTORMid:84917

Trust: 0.1

db:PACKETSTORMid:121645

Trust: 0.1

db:PACKETSTORMid:84704

Trust: 0.1

sources: CERT/CC: VU#417980 // VULMON: CVE-2009-3563 // BID: 37255 // PACKETSTORM: 86900 // PACKETSTORM: 83609 // PACKETSTORM: 84917 // PACKETSTORM: 121645 // PACKETSTORM: 84704 // CNNVD: CNNVD-200912-113 // NVD: CVE-2009-3563

REFERENCES

url:http://www.kb.cert.org/vuls/id/568372

Trust: 2.2

url:http://support.ntp.org/bin/view/main/securitynotice#dos_attack_from_certain_ntp_mode

Trust: 1.8

url:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074

Trust: 1.8

url:https://rhn.redhat.com/errata/rhsa-2009-1651.html

Trust: 1.7

url:http://www.kb.cert.org/vuls/id/mapg-7x7vd7

Trust: 1.7

url:http://www.debian.org/security/2009/dsa-1948

Trust: 1.7

url:http://securitytracker.com/id?1023298

Trust: 1.7

url:http://www.securityfocus.com/bid/37255

Trust: 1.7

url:https://rhn.redhat.com/errata/rhsa-2009-1648.html

Trust: 1.7

url:http://security-tracker.debian.org/tracker/cve-2009-3563

Trust: 1.7

url:http://www.kb.cert.org/vuls/id/mapg-7x7v6j

Trust: 1.7

url:https://bugzilla.redhat.com/show_bug.cgi?id=531213

Trust: 1.7

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00809.html

Trust: 1.7

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00763.html

Trust: 1.7

url:https://rhn.redhat.com/errata/rhsa-2010-0095.html

Trust: 1.7

url:https://support.ntp.org/bugs/show_bug.cgi?id=1331

Trust: 1.5

url:http://support.avaya.com/css/p8/documents/100071808

Trust: 1.4

url:http://www-01.ibm.com/support/docview.wss?uid=isg1iz71047

Trust: 1.4

url:http://www-01.ibm.com/support/docview.wss?uid=isg1iz68659

Trust: 1.4

url:https://lists.ntp.org/pipermail/announce/2009-december/000086.html

Trust: 1.1

url:http://secunia.com/advisories/37922

Trust: 1.1

url:http://secunia.com/advisories/37629

Trust: 1.1

url:http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/0510

Trust: 1.1

url:http://secunia.com/advisories/38764

Trust: 1.1

url:http://secunia.com/advisories/38794

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/0528

Trust: 1.1

url:http://secunia.com/advisories/38832

Trust: 1.1

url:http://secunia.com/advisories/38834

Trust: 1.1

url:http://lists.vmware.com/pipermail/security-announce/2010/000082.html

Trust: 1.1

url:ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2010-005.txt.asc

Trust: 1.1

url:http://secunia.com/advisories/39593

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/0993

Trust: 1.1

url:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=136482797910018&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=130168580504508&w=2

Trust: 1.1

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10691

Trust: 1.1

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10673

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7076

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19376

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12141

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11225

Trust: 1.1

url:https://www.kb.cert.org/vuls/id/417980

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2009-3563

Trust: 0.5

url:http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_network_time

Trust: 0.3

url:http://support.nortel.com/go/main.jsp?cscat=bltndetail&id=985679

Trust: 0.3

url:http://www.ntp.org/

Trust: 0.3

url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-275590-1

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100073364

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100071806

Trust: 0.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3563

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://usn.ubuntu.com/867-1/

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20091208-cve-2009-3563

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4022

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1386

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3720

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4552

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1377

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3560

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2904

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-2849

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-2905

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2908

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3916

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1189

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1377

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-4552

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1386

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3720

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3620

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-4022

Trust: 0.1

url:http://www.vmware.com/security

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1387

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3228

Trust: 0.1

url:http://kb.vmware.com/kb/1055

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-0590

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1387

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2849

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1378

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2695

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-4316

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3621

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3560

Trust: 0.1

url:http://www.vmware.com/support/policies/security_response.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3547

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3286

Trust: 0.1

url:http://tinyurl.com/yfekgrx

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3613

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0115

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-2695

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1379

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4316

Trust: 0.1

url:http://www.vmware.com/support/policies/eos.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-2908

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0590

Trust: 0.1

url:https://hostupdate.vmware.com/software/vum/offline/release-192-20100228-732

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3726

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2905

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3612

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-2904

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1379

Trust: 0.1

url:http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1378

Trust: 0.1

url:http://www.vmware.com/support/policies/eos_vi.html

Trust: 0.1

url:http://kb.vmware.com/kb/1018403

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-7ubuntu5.2_all.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p6+dfsg-1ubuntu5.1_all.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-6ubuntu2.4_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4.dsc

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.0a+stable-8.1ubuntu6.3_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1.diff.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-3ubuntu2.3_all.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable.orig.tar.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg.orig.tar.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1.dsc

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb

Trust: 0.1

url:http://security.freebsd.org/patches/sa-10:02/ntpd.patch

Trust: 0.1

url:http://security.freebsd.org/>.

Trust: 0.1

url:http://security.freebsd.org/patches/sa-10:02/ntpd.patch.asc

Trust: 0.1

url:http://security.freebsd.org/advisories/freebsd-sa-10:02.ntpd.asc

Trust: 0.1

url:https://h20392.www2.hp.com/portal/swdepot/displayp

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-0159

Trust: 0.1

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 0.1

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.1

url:https://www.hp.com/go/swa

Trust: 0.1

url:http://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-201001-01.xml

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

sources: VULMON: CVE-2009-3563 // BID: 37255 // PACKETSTORM: 86900 // PACKETSTORM: 83609 // PACKETSTORM: 84917 // PACKETSTORM: 121645 // PACKETSTORM: 84704 // CNNVD: CNNVD-200912-113 // NVD: CVE-2009-3563

CREDITS

Statement Date:   January 17, 2024

Trust: 0.8

sources: CERT/CC: VU#417980

SOURCES

db:CERT/CCid:VU#417980
db:VULMONid:CVE-2009-3563
db:BIDid:37255
db:PACKETSTORMid:86900
db:PACKETSTORMid:83609
db:PACKETSTORMid:84917
db:PACKETSTORMid:121645
db:PACKETSTORMid:84704
db:CNNVDid:CNNVD-200912-113
db:NVDid:CVE-2009-3563

LAST UPDATE DATE

2025-02-22T22:52:26.478000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#417980date:2024-03-20T00:00:00
db:VULMONid:CVE-2009-3563date:2017-09-19T00:00:00
db:BIDid:37255date:2015-05-12T19:46:00
db:CNNVDid:CNNVD-200912-113date:2009-12-10T00:00:00
db:NVDid:CVE-2009-3563date:2024-11-21T01:07:40.913

SOURCES RELEASE DATE

db:CERT/CCid:VU#417980date:2024-03-19T00:00:00
db:VULMONid:CVE-2009-3563date:2009-12-09T00:00:00
db:BIDid:37255date:2009-12-08T00:00:00
db:PACKETSTORMid:86900date:2010-03-05T03:32:24
db:PACKETSTORMid:83609date:2009-12-09T00:21:25
db:PACKETSTORMid:84917date:2010-01-07T19:01:14
db:PACKETSTORMid:121645date:2013-05-15T16:22:00
db:PACKETSTORMid:84704date:2010-01-04T02:50:23
db:CNNVDid:CNNVD-200912-113date:2009-12-09T00:00:00
db:NVDid:CVE-2009-3563date:2009-12-09T18:30:00.390