PT-2014-1885 · Ntt+6 · Ntp+6

Christian Rossow

Published

2009-01-29

Updated

2024-06-15

CVE-2013-5211

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions NTP versions prior to 4.2.7p26

Description The issue is related to the monlist feature in ntpd, which allows remote attackers to cause a denial of service (traffic amplification) via forged requests, specifically REQ MON GETLIST or REQ MON GETLIST 1 requests. This vulnerability has been exploited in the wild. The problem is associated with insufficient control over the volume of transmitted network messages, enabling a remote attacker to send specially crafted requests and cause a denial of service.

Recommendations For versions prior to 4.2.7p26, update to version 4.2.7p26 or later to resolve the issue. As a temporary workaround, consider disabling the monlist feature in ntpd to prevent exploitation until a patch is applied. Restrict access to the REQ MON GETLIST and REQ MON GETLIST 1 requests to minimize the risk of denial of service attacks.

Exploit

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-406CWE-20

Related Identifiers

ALT-PU-2014-1197

BDU:2015-09749

CVE-2013-5211

ELSA-2016-3612

ELSA-2016-3613

MGASA-2014-0032

OPENSUSE-SU-2024:10181-1

RHSA-2009_0046

RHSA-2009_1039

RHSA-2009_1040

SUSE-SU-2014_0937-1

SUSE-SU-2015:0259-1

SUSE-SU-2015:0259-3

SUSE-SU-2015:1173-1

Affected Products

Alt Linux

Check Point Gaia

Cisco Nexus

Ibm Aix

Junos

Ntp

Suse

PT-2014-1885 · Ntt+6 · Ntp+6

CVE-2013-5211

Weakness Enumeration

Related Identifiers

Affected Products

References · 123