NTP BUG 1331: DoS attack from certain NTP mode 7 packets

Last update: June 28, 2022 20:06 UTC (57417e17c)


Resolved 4.2.4p8
08 December 2009
References Bug 1331 CVE-2009-3563
Affects All releases from xntp2 (1989) (possibly earlier) through 4.2.4 before 4.2.4p8 and all versions of 4.2.5. Resolved in 4.2.4p8 and 4.2.6.


NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control utility. In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while routine NTP time transfers use modes 1 through 5. Upon receipt of an incorrect mode 7 request or a mode 7 error response from an address which is not listed in a restrict ... noquery or restrict ... ignore statement, ntpd will reply with a mode 7 error response (and log a message). In this case:



This vulnerability was discovered by Robin Park and Dmitri Vinokurov of Alcatel-Lucent.