Security Advisory Moderate: ntp security update

Advisory: RHSA-2009:1648-1
Type: Security Advisory
Severity: Moderate
Issued on: 2009-12-08
Last updated on: 2009-12-08
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.8.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.8.z)
Red Hat Enterprise Linux EUS (v. 5.4.z server)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2009-3563

Details

An updated ntp package that fixes a security issue is now available for Red
Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The Network Time Protocol (NTP) is used to synchronize a computer's time
with a referenced time source.

Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled
certain malformed NTP packets. ntpd logged information about all such
packets and replied with an NTP packet that was treated as malformed when
received by another ntpd. A remote attacker could use this flaw to create
an NTP packet reply loop between two ntpd servers via a malformed packet
with a spoofed source IP address and port, causing ntpd on those servers to
use excessive amounts of CPU time and fill disk space with log messages.
(CVE-2009-3563)
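
On the wire, the reply loop described above shows up as mode 7 packets (the packet type named in bug 531213) travelling in both directions between two hosts with UDP port 123 at both ends. The following detection example is added here and is not code from Red Hat or the ntp project; the function names, the packet tuple layout, the thresholds and the sample capture are assumptions made for illustration.

```python
from collections import defaultdict

NTP_PORT = 123
MODE_PRIVATE = 7  # NTP mode 7, the packet type named in bug 531213

def ntp_mode(payload):
    """Mode is the low 3 bits of the first NTP byte; None for an empty payload."""
    return payload[0] & 0x07 if payload else None

def _burst(stamps, count, window):
    """True if `count` timestamps fall inside any `window`-second span."""
    s = sorted(stamps)
    return any(s[i + count - 1] - s[i] <= window for i in range(len(s) - count + 1))

def find_mode7_loops(packets, min_each_way=10, window=1.0):
    """Host pairs trading mode 7 packets, port 123 to port 123, in both directions.

    packets: iterable of (ts, src, sport, dst, dport, udp_payload).
    min_each_way and window are assumed thresholds; tune them per network.
    """
    seen = defaultdict(list)
    for ts, src, sport, dst, dport, payload in packets:
        if sport == dport == NTP_PORT and ntp_mode(payload) == MODE_PRIVATE:
            seen[(src, dst)].append(ts)
    return sorted(
        (a, b) for (a, b), fwd in seen.items()
        if a < b and (b, a) in seen
        and _burst(fwd, min_each_way, window)
        and _burst(seen[(b, a)], min_each_way, window)
    )

def sample_packets():
    """Constructed capture (documentation addresses); not real traffic."""
    h1, h2, client = "192.0.2.10", "192.0.2.20", "198.51.100.5"
    pkts = []
    for i in range(20):  # daemon-to-daemon ping-pong, one packet every 10 ms
        src, dst = (h1, h2) if i % 2 == 0 else (h2, h1)
        pkts.append((i * 0.01, src, 123, dst, 123, b"\x97" + bytes(7)))
    pkts.append((5.0, client, 40000, h1, 123, b"\x23" + bytes(47)))  # mode 3 client
    pkts.append((5.1, h1, 123, client, 40000, b"\x24" + bytes(47)))  # mode 4 reply
    pkts.append((6.0, client, 40001, h1, 123, b"\x17" + bytes(7)))   # mode 7, client port
    for i in range(30):  # symmetric peers: port 123 both ways, but mode 1
        pkts.append((10 + i, h1, 123, h2, 123, b"\x21" + bytes(47)))
    return pkts

if __name__ == "__main__":
    print(find_mode7_loops(sample_packets()))
```

Ordinary client queries, a single mode 7 query from a client port and symmetric peering on port 123 are not reported; only the bidirectional mode 7 burst is.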

All ntp users are advised to upgrade to this updated package, which
contains a backported patch to resolve this issue. After installing the
update, the ntpd daemon will restart automatically.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Desktop (v. 4)

IA-32:
ntp-4.2.0.a.20040617-8.el4_8.1.i386.rpm
File outdated by:  RHBA-2011:0222
    MD5: 1d2f7dce1699e36d7706de7913c18117
 
x86_64:
ntp-4.2.0.a.20040617-8.el4_8.1.x86_64.rpm
File outdated by:  RHBA-2011:0222
    MD5: c290c11b697a19fde26dc4ea8d650ee1
 
Red Hat Enterprise Linux (v. 5 server)

IA-32:
ntp-4.2.2p1-9.el5_4.1.i386.rpm
File outdated by:  RHSA-2014:2025
    MD5: 5f9ee3b1ddb0bc4761a4a4fb88a69c7f
 
IA-64:
ntp-4.2.2p1-9.el5_4.1.ia64.rpm
File outdated by:  RHSA-2014:2025
    MD5: 569346fd1de14c4c679dc70487f5640d
 
PPC:
ntp-4.2.2p1-9.el5_4.1.ppc.rpm
File outdated by:  RHSA-2014:2025
    MD5: 508b0583fca9994247799b2bf115064d
 
s390x:
ntp-4.2.2p1-9.el5_4.1.s390x.rpm
File outdated by:  RHSA-2014:2025
    MD5: 6cd7a2206f2c108b5329ea08e14d4597
 
x86_64:
ntp-4.2.2p1-9.el5_4.1.x86_64.rpm
File outdated by:  RHSA-2014:2025
    MD5: 36eba253489fe66ed9a2412d9cf103fd
 
Red Hat Enterprise Linux AS (v. 4)

IA-32:
ntp-4.2.0.a.20040617-8.el4_8.1.i386.rpm
File outdated by:  RHBA-2011:0222
    MD5: 1d2f7dce1699e36d7706de7913c18117
 
IA-64:
ntp-4.2.0.a.20040617-8.el4_8.1.ia64.rpm
File outdated by:  RHBA-2011:0222
    MD5: 9298afe899f3bae2e788fd8f2ad0b276
 
PPC:
ntp-4.2.0.a.20040617-8.el4_8.1.ppc.rpm
File outdated by:  RHBA-2011:0222
    MD5: 6f04cc62bf02033da294ab14fed4fc22
 
s390:
ntp-4.2.0.a.20040617-8.el4_8.1.s390.rpm
File outdated by:  RHBA-2011:0222
    MD5: 812e50353df3e06e9651e14ae1fab47a
 
s390x:
ntp-4.2.0.a.20040617-8.el4_8.1.s390x.rpm
File outdated by:  RHBA-2011:0222
    MD5: 0efcf06a6905897bf2bfc3005a7ea222
 
x86_64:
ntp-4.2.0.a.20040617-8.el4_8.1.x86_64.rpm
File outdated by:  RHBA-2011:0222
    MD5: c290c11b697a19fde26dc4ea8d650ee1
 
Red Hat Enterprise Linux AS (v. 4.8.z)

IA-32:
ntp-4.2.0.a.20040617-8.el4_8.1.i386.rpm     MD5: 1d2f7dce1699e36d7706de7913c18117
 
IA-64:
ntp-4.2.0.a.20040617-8.el4_8.1.ia64.rpm     MD5: 9298afe899f3bae2e788fd8f2ad0b276
 
PPC:
ntp-4.2.0.a.20040617-8.el4_8.1.ppc.rpm     MD5: 6f04cc62bf02033da294ab14fed4fc22
 
s390:
ntp-4.2.0.a.20040617-8.el4_8.1.s390.rpm     MD5: 812e50353df3e06e9651e14ae1fab47a
 
s390x:
ntp-4.2.0.a.20040617-8.el4_8.1.s390x.rpm     MD5: 0efcf06a6905897bf2bfc3005a7ea222
 
x86_64:
ntp-4.2.0.a.20040617-8.el4_8.1.x86_64.rpm     MD5: c290c11b697a19fde26dc4ea8d650ee1
 
Red Hat Enterprise Linux Desktop (v. 5 client)

IA-32:
ntp-4.2.2p1-9.el5_4.1.i386.rpm
File outdated by:  RHSA-2014:2025
    MD5: 5f9ee3b1ddb0bc4761a4a4fb88a69c7f
 
x86_64:
ntp-4.2.2p1-9.el5_4.1.x86_64.rpm
File outdated by:  RHSA-2014:2025
    MD5: 36eba253489fe66ed9a2412d9cf103fd
 
Red Hat Enterprise Linux ES (v. 4)

IA-32:
ntp-4.2.0.a.20040617-8.el4_8.1.i386.rpm
File outdated by:  RHBA-2011:0222
    MD5: 1d2f7dce1699e36d7706de7913c18117
 
IA-64:
ntp-4.2.0.a.20040617-8.el4_8.1.ia64.rpm
File outdated by:  RHBA-2011:0222
    MD5: 9298afe899f3bae2e788fd8f2ad0b276
 
x86_64:
ntp-4.2.0.a.20040617-8.el4_8.1.x86_64.rpm
File outdated by:  RHBA-2011:0222
    MD5: c290c11b697a19fde26dc4ea8d650ee1
 
Red Hat Enterprise Linux ES (v. 4.8.z)

IA-32:
ntp-4.2.0.a.20040617-8.el4_8.1.i386.rpm     MD5: 1d2f7dce1699e36d7706de7913c18117
 
IA-64:
ntp-4.2.0.a.20040617-8.el4_8.1.ia64.rpm     MD5: 9298afe899f3bae2e788fd8f2ad0b276
 
x86_64:
ntp-4.2.0.a.20040617-8.el4_8.1.x86_64.rpm     MD5: c290c11b697a19fde26dc4ea8d650ee1
 
Red Hat Enterprise Linux EUS (v. 5.4.z server)

IA-32:
ntp-4.2.2p1-9.el5_4.1.i386.rpm     MD5: 5f9ee3b1ddb0bc4761a4a4fb88a69c7f
 
IA-64:
ntp-4.2.2p1-9.el5_4.1.ia64.rpm     MD5: 569346fd1de14c4c679dc70487f5640d
 
PPC:
ntp-4.2.2p1-9.el5_4.1.ppc.rpm     MD5: 508b0583fca9994247799b2bf115064d
 
s390x:
ntp-4.2.2p1-9.el5_4.1.s390x.rpm     MD5: 6cd7a2206f2c108b5329ea08e14d4597
 
x86_64:
ntp-4.2.2p1-9.el5_4.1.x86_64.rpm     MD5: 36eba253489fe66ed9a2412d9cf103fd
 
Red Hat Enterprise Linux WS (v. 4)

IA-32:
ntp-4.2.0.a.20040617-8.el4_8.1.i386.rpm
File outdated by:  RHBA-2011:0222
    MD5: 1d2f7dce1699e36d7706de7913c18117
 
IA-64:
ntp-4.2.0.a.20040617-8.el4_8.1.ia64.rpm
File outdated by:  RHBA-2011:0222
    MD5: 9298afe899f3bae2e788fd8f2ad0b276
 
x86_64:
ntp-4.2.0.a.20040617-8.el4_8.1.x86_64.rpm
File outdated by:  RHBA-2011:0222
    MD5: c290c11b697a19fde26dc4ea8d650ee1
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

531213 - CVE-2009-3563 ntpd: DoS with mode 7 packets (VU#568372)


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/