Denial of service in multiple UDP implementations

1) Resource management error

EUVDB-ID: #VU87727

Risk: Medium

CVSSv3.1: 7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2009-3563

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources in ntp_request.c. A remote attacker can perform a denial of service (DoS) attack using the MODE_PRIVATE to send a spoofed request or response packets that trigger a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

UDP: All versions

External links

http://rhn.redhat.com/errata/RHSA-2009-1651.html
http://www.kb.cert.org/vuls/id/MAPG-7X7VD7
http://www.debian.org/security/2009/dsa-1948
http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074
http://rhn.redhat.com/errata/RHSA-2009-1648.html
http://lists.ntp.org/pipermail/announce/2009-December/000086.html
http://www.kb.cert.org/vuls/id/568372
http://security-tracker.debian.org/tracker/CVE-2009-3563
http://support.ntp.org/bugs/show_bug.cgi?id=1331
http://www.kb.cert.org/vuls/id/MAPG-7X7V6J
http://bugzilla.redhat.com/show_bug.cgi?id=531213
http://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html
http://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html
http://rhn.redhat.com/errata/RHSA-2010-0095.html
http://support.avaya.com/css/P8/documents/100071808
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047
http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc
http://secunia.com/advisories/39593
http://www.vupen.com/english/advisories/2010/0993
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1
http://marc.info/?l=bugtraq&m=136482797910018&w=2
http://marc.info/?l=bugtraq&m=130168580504508&w=2
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225
http://www.kb.cert.org/vuls/id/417980

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

2) Resource management error

EUVDB-ID: #VU87724

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-1309

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the UDP implementation. An unauthenticated attacker can use maliciously-crafted packets against a UDP-based vulnerable implementation of application protocols (e.g., DNS, NTP, TFTP) that can lead to Denial-of-Service (DOS) and/or abuse of resources.

Mitigation

This vulnerability is considered as patched since there is a way to protect your systems against this time of attack.

Network providers should deploy available anti-spoofing techniques (BCP38) such as Unicast Reverse Path Forwarding (uRPF) to prevent IP spoofing in protecting their internet-facing resources against spoofing and abuse.

Vulnerable software versions

UDP: All versions

External links

http://kb.cert.org/vuls/id/417980

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource management error

EUVDB-ID: #VU87725

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2024-2169

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the UDP implementation. An unauthenticated attacker can use maliciously-crafted packets against a UDP-based vulnerable implementation of application protocols (e.g., DNS, NTP, TFTP) that can lead to Denial-of-Service (DOS) and/or abuse of resources.

Mitigation

This vulnerability is considered as patched since there is a way to protect your systems against this time of attack.

Network providers should deploy available anti-spoofing techniques (BCP38) such as Unicast Reverse Path Forwarding (uRPF) to prevent IP spoofing in protecting their internet-facing resources against spoofing and abuse.

Vulnerable software versions

UDP: All versions

External links

http://kb.cert.org/vuls/id/417980

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.