Referenced CVEs:
CVE-2009-3563
Description:
===========================================================Ubuntu Security Notice USN-867-1 December 08, 2009ntp vulnerabilityCVE-2009-3563===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 8.04 LTSUbuntu 8.10Ubuntu 9.04Ubuntu 9.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: ntp 1:4.2.0a+stable-8.1ubuntu6.3 ntp-server 1:4.2.0a+stable-8.1ubuntu6.3Ubuntu 8.04 LTS: ntp 1:4.2.4p4+dfsg-3ubuntu2.3Ubuntu 8.10: ntp 1:4.2.4p4+dfsg-6ubuntu2.4Ubuntu 9.04: ntp 1:4.2.4p4+dfsg-7ubuntu5.2Ubuntu 9.10: ntp 1:4.2.4p6+dfsg-1ubuntu5.1In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:Robin Park and Dmitri Vinokurov discovered a logic error in ntpd. A remoteattacker could send a crafted NTP mode 7 packet with a spoofed IP addressof an affected server and cause a denial of service via CPU and diskresource consumption.
More...