Vulnerability CVE-2013-5211

Vulnerability CVE-2013-5211

Published: 2014-01-02 Modified: 2014-01-03

Description:

The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.

See advisories in our WLB2 database:

	Topic	Author	Date
Med.	ntp monlist DDoS issue	Mike O\'Con...	31.12.2013
High	VMware vSphere updates to third party libraries	VMware	12.03.2014
Med.	ntp monlist DDoS issue Exploit	Danilo PC	29.04.2014

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
5/10	2.9/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
None	None	Partial

Affected software
Opensuse -> Opensuse
NTP -> NTP
Novell -> Opensuse

References:

http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc

http://bugs.ntp.org/show_bug.cgi?id=1532

http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04

http://lists.ntp.org/pipermail/pool/2011-December/005616.html

http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html

http://marc.info/?l=bugtraq&m=138971294629419&w=2

http://marc.info/?l=bugtraq&m=144182594518755&w=2

http://openwall.com/lists/oss-security/2013/12/30/6

http://openwall.com/lists/oss-security/2013/12/30/7

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892

http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz

http://www.kb.cert.org/vuls/id/348126

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

http://www.securityfocus.com/bid/64692

http://www.securitytracker.com/id/1030433

http://www.us-cert.gov/ncas/alerts/TA14-013A

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232

https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory

Vulnerability CVE-2013-5211

The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.

See advisories in our WLB2 database:

Med.

ntp monlist DDoS issue

High

VMware vSphere updates to third party libraries

Med.

ntp monlist DDoS issue Exploit

CWE-20

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

5/10

2.9/10

10/10

Remote

Low

No required

None

None

Partial

Affected software

References: