Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Apple TV Remote Network Time Protocol DoS

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Apple
And, this specific program:
Apple TV 4.x

This thread has been marked as locked.
smitheo1 Apple TV Remote Network Time Protocol DoS
Member 21st Jul, 2010 20:47
Ranking: 0
Posts: 1
User Since: 31st Jul, 2008
System Score: 100%
Location: US
Last edited on 21st Jul, 2010 20:48

I ran a scan on my Apple TV using the Nessus and got these results:

Port 123/UDP

Synopsis
The remote network time service has a denial of service
vulnerability.

Description
The version of ntpd running on the remote host has a denial of
service vulnerability. It responds to mode 7 error packets with its
own mode 7 error packets. A remote attacker could exploit this by
sending a mode 7 error response with a spoofed IP header, setting the
source and destination IP addresses to the IP address of the target.
This would cause ntpd to respond to itself endlessly, consuming
excessive amounts of CPU, resulting in a denial of service.

Solution
Upgrade to NTP 4.2.4p8 or later.

See Also
https://support.ntp.org/bugs/show_bug.cgi?id=1331
http://www.nessus.org/u?3a07ed05 (vendor advisory)

CVSS
6.4 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P)

CVE
CVE-2009-3563

BID
37255

Xref
CERT:568372
OSVDB:60847
Secunia:37629

--
Erick Smith
US Army, Security +

taffy078 RE: Apple TV Remote Network Time Protocol DoS
Contributor 21st Jul, 2010 21:49
Score: 408
Posts: 1,335
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Last edited on 21st Jul, 2010 21:55
withdrawn by me - sorry

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability