[ntp:questions] One last release candidate (in name only) and a new -stable

Jan Ceuleers janspam.ceuleers at skynet.be
Wed Dec 9 13:31:27 UTC 2009


Dave Hart wrote:
> Regarding CVE-2009-3563 patched yesterday [1], versions of 4.2.4
> through p7 are vulnerable, as are all versions of 4.2.5.  The fix
> first appears in 4.2.4p8 and 4.2.6.  The crux of the bug was
> responding to mode 7 responses with an error response.  When triggered
> between two ntpd servers, or in some cases with a single server
> talking to itself, the ntpd processes would run away transmitting
> packets and logging a message for each as fast as conditions
> permitted, until something dropped a packet.  When I first reproduced
> it, syslog helpfully collapsed a quarter-million identical log lines
> into one for me.
> 
> Cheers,
> Dave Hart
> 
> [1] http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode

Thanks to Robin and Dmitri for finding and reporting the problem!
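
The reply loop described in the quoted message, as an added example that is not part of the original thread and is not ntpd source code: two identical in-memory peers handle mode 7 packets, once answering responses with an error response and once dropping them. The function names, the sample header bytes, the packet cap, and the simplification that every mode 7 packet draws an error reply are assumptions made for illustration.

```python
# Added illustration, not ntpd source code.
# First octet of a mode 7 packet: response bit, more bit, 3-bit version, 3-bit mode.
RESP_BIT = 0x80
MODE_MASK = 0x07
MODE_PRIVATE = 7

# Constructed sample headers (version 2, mode 7); remaining octets zeroed.
SAMPLE_REQUEST = bytes([0x17, 0x00, 0x00, 0x00])
SAMPLE_RESPONSE = bytes([0x97, 0x00, 0x00, 0x00])


def is_mode7(pkt: bytes) -> bool:
    return len(pkt) >= 1 and (pkt[0] & MODE_MASK) == MODE_PRIVATE


def is_response(pkt: bytes) -> bool:
    return bool(pkt[0] & RESP_BIT)


def handle(pkt: bytes, drop_responses: bool):
    """Return the reply one peer would send, or None if it stays silent.

    Simplification: every mode 7 packet is treated as unserviceable, so the
    only possible reply is an error response (response bit set).
    drop_responses=False models the behaviour described in the post;
    drop_responses=True models a peer that never answers a response.
    """
    if not is_mode7(pkt):
        return None
    if drop_responses and is_response(pkt):
        return None
    return bytes([pkt[0] | RESP_BIT]) + pkt[1:]


def exchange(first_pkt: bytes, drop_responses: bool, limit: int = 1000) -> int:
    """Bounce packets between two identical in-memory peers.

    Returns how many replies were sent before both went quiet, capped at limit.
    """
    sent, pkt = 0, first_pkt
    while pkt is not None and sent < limit:
        pkt = handle(pkt, drop_responses)
        if pkt is not None:
            sent += 1
    return sent


if __name__ == "__main__":
    for name, pkt in (("request", SAMPLE_REQUEST), ("response", SAMPLE_RESPONSE)):
        print(name, exchange(pkt, False), exchange(pkt, True))
```

With responses dropped, a request still draws its single error reply and the exchange then ends; without the drop, the count runs to the cap.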



