Forum Thread: Apple TV Remote Network Time Protocol DoS

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Apple
And, this specific program:
Apple TV 4.x

This thread has been marked as locked.
smitheo1 Apple TV Remote Network Time Protocol DoS
Member 21st Jul, 2010 20:47
Ranking: 0
Posts: 1
User Since: 31st Jul, 2008
System Score: 100%
Location: US
Last edited on 21st Jul, 2010 20:48

I ran a scan on my Apple TV using the Nessus and got these results:

Port 123/UDP

Synopsis
The remote network time service has a denial of service
vulnerability.

Description
The version of ntpd running on the remote host has a denial of
service vulnerability. It responds to mode 7 error packets with its
own mode 7 error packets. A remote attacker could exploit this by
sending a mode 7 error response with a spoofed IP header, setting the
source and destination IP addresses to the IP address of the target.
This would cause ntpd to respond to itself endlessly, consuming
excessive amounts of CPU, resulting in a denial of service.

Solution
Upgrade to NTP 4.2.4p8 or later.

See Also
https://support.ntp.org/bugs/show_bug.cgi?id=1331
http://www.nessus.org/u?3a07ed05 (vendor advisory)

CVSS
6.4 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P)

CVE
CVE-2009-3563

BID
37255

Xref
CERT:568372
OSVDB:60847
Secunia:37629

--
Erick Smith
US Army, Security +

taffy078 RE: Apple TV Remote Network Time Protocol DoS
Contributor 21st Jul, 2010 21:49
Score: 408
Posts: 1,355
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Last edited on 21st Jul, 2010 21:55
withdrawn by me - sorry

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0

This thread has been marked as locked.