PT-2009-1058 · Moxa+4 · Moxa PT-7828+7

Dmitri Vinokurov +1 · Published 2009-12-08 · Updated 2024-03-20 · CVE-2009-3563

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Moxa PT-508, PT-7728, PT-7828, MDS-G4012 (affected versions not specified)
ntp versions prior to 4.2.4p8
ntp version 4.2.0.a.20040617
ntp version 4.1.2

Description

The issue is related to uncontrolled recursion in the Ethernet switch microcode and multiple vulnerabilities in the ntp package, which can lead to disruption of confidentiality, integrity, and availability of protected information. Exploitation can be done remotely, allowing an attacker to cause a denial of service or disrupt the system. The vulnerability in ntpd allows remote attackers to cause a denial of service by sending spoofed request or response packets, triggering a continuous exchange of error responses between two NTP daemons.

Recommendations

For Moxa PT-508, PT-7728, PT-7828, MDS-G4012, restrict access to the vulnerable microcode to minimize the risk of exploitation until a patch is available.
For ntp versions prior to 4.2.4p8, update to version 4.2.4p8 or later to resolve the issue.
For ntp version 4.2.0.a.20040617 and ntp version 4.1.2, update to a newer version that contains a fix for this issue.
As a temporary workaround, consider disabling the ntp request.c function in ntpd until a patch is available.

Exploit

Fix

Weakness Enumeration

Buffer Overflow
Uncontrolled Recursion

Related Identifiers

BDU:2015-06447
BDU:2015-07451
BDU:2015-08487
BDU:2015-08550
BDU:2015-09410
CVE-2009-3563
DSA-1948-1
HPSBUX02639
HPSBUX02859
RHSA-2009:1648
RHSA-2009:1651
RHSA-2009_1648

Affected Products

Cisco IOS
HP-UX
Moxa MDS-G4012
Moxa PT-508
Moxa PT-7728
Moxa PT-7828
Red Hat
ntp