The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Sun Alert 275590 A Security Vulnerability in the ntp Daemon (xntpd(1M)) May Lead to a Denial of the Solaris Network Time Protocol(NTP) Service

Guest Author
Product: Solaris 8, Solaris 9, Solaris 10, OpenSolaris

A Security Vulnerability in the ntp Daemon (xntpd(1M)) associatedwith the handling
of NTP mode 7 (MODE_PRIVATE), may lead to consumption of CPU andexcessive
logging resulting in a denial of the Solaris Network Time Protocol(NTP)Service.

This issue is also described in the following documents:

CVE-2009-3563 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563
US-CERT Vulnerability Note VU#568372 at http://www.kb.cert.org/vuls/id/568372

State: Workaround
First released: 13-Jan-2010

Join the discussion

Comments ( 1 )
  • Paul Liong Sunday, January 17, 2010

    Hi All,

    It is noticed that our server is setup as a 'ntp' client. However, the following:

    netstat -na | grep 123
    \*.123 Idle Idle Idle

    So, will our server affect by this Alert?

    Thanks & Regards

Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.