[ntp:questions] NTP 4.2.6 Released

NTP Public Services Project webmaster at ntp.org
Sat Dec 12 16:51:46 UTC 2009

Redwood City, CA - 2009/12/12 - The NTP Public Services Project
(http://support.ntp.org/) is pleased to announce that NTP 4.2.6,
a Stable Release of the NTP Reference Implementation from the
NTP Project, is now available at http://www.ntp.org/downloads.html and

File-size: 4322055 bytes

MD5 sum: 4d64a99592b818aa9419fc9dcb149746

Focus: Security Fixes

Severity: HIGH

This release fixes the following high-severity vulnerability:

* [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.

See http://support.ntp.org/security for more information.

NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control
utility. In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while routine
NTP time transfers use modes 1 through 5. Upon receipt of an incorrect
mode 7 request or a mode 7 error response from an address which is not
listed in a "restrict ... noquery" or "restrict ... ignore" statement,
ntpd will reply with a mode 7 error response (and log a message). In
this case:

* If an attacker spoofs the source address of ntpd host A in a mode 7
response packet sent to ntpd host B, both A and B will continuously send
each other error responses, for as long as those packets get through.

* If an attacker spoofs an address of ntpd host A in a mode 7 response
packet sent to ntpd host A, A will respond to itself endlessly,
consuming CPU and logging excessively.

Credit for finding this vulnerability goes to Robin Park and Dmitri
Vinokurov of Alcatel-Lucent.


Please report any bugs, issues, or desired enhancements at

The NTP (Network Time Protocol) Public Services Project, which is
hosted by Internet Systems Consortium, Inc. (http://www.isc.org/),
provides support and additional development resources for the
Reference Implementation of NTP produced by the NTP Project

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the questions mailing list