CVE - CVE-2013-5211

CVE-ID
CVE-2013-5211	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:64692 URL:http://www.securityfocus.com/bid/64692 CERT:TA14-013A URL:http://www.us-cert.gov/ncas/alerts/TA14-013A CERT-VN:VU#348126 URL:http://www.kb.cert.org/vuls/id/348126 CONFIRM:http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc CONFIRM:http://bugs.ntp.org/show_bug.cgi?id=1532 CONFIRM:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861 CONFIRM:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892 CONFIRM:http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html CONFIRM:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232 CONFIRM:https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory HP:HPSBOV03505 URL:http://marc.info/?l=bugtraq&m=144182594518755&w=2 HP:HPSBUX02960 URL:http://marc.info/?l=bugtraq&m=138971294629419&w=2 HP:SSRT101419 URL:http://marc.info/?l=bugtraq&m=138971294629419&w=2 MISC:http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04 MLIST:[oss-security] 20131230 CVE to the ntp monlist DDoS issue? URL:http://openwall.com/lists/oss-security/2013/12/30/6 MLIST:[oss-security] 20131230 Re: CVE to the ntp monlist DDoS issue? URL:http://openwall.com/lists/oss-security/2013/12/30/7 MLIST:[pool] 20111210 Odd surge in traffic today URL:http://lists.ntp.org/pipermail/pool/2011-December/005616.html SECTRACK:1030433 URL:http://www.securitytracker.com/id/1030433 SECUNIA:59288 URL:http://secunia.com/advisories/59288 SECUNIA:59726 URL:http://secunia.com/advisories/59726 SUSE:openSUSE-SU-2014:1149 URL:http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html
Assigning CNA
MITRE Corporation
Date Record Created
20130815	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20130815)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)