NTP Monlist Feature Enabled Network Vulnerability

Summary

NTP is prone to a remote denial-of-service vulnerability because it fails to properly handle certain incoming network packets.

Impact

Successfully exploiting this issue may allow an attacker to cause a denial of service.

Solution

Update to NTP 4.2.7p26 or newer or set 'disable monitor' in ntp.conf.

Insight

The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.

Affected

NTP before 4.2.7p26

Detection

Send a NTP monlist request and check the response.

References

http://bugs.ntp.org/show_bug.cgi?id=1532
http://lists.ntp.org/pipermail/pool/2011-December/005616.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5211

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-5211

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Adobe Flash Media Server XML Data Remote Denial of Service Vulnerability
Comodo Internet Security Denial of Service Vulnerability July 13
Apple Safari Nested 'object' Tag Remote Denial Of Service vulnerability
ejabberd 'mod_pubsub' Module Denial of Service Vulnerability
Denial of Service (DoS) in Microsoft SMS Client

Take action and discover your vulnerabilities