[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

112965

 
 

909

 
 

87854

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2013-5211Date: (C)2014-01-04   (M)2018-05-12


The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1030433
SECUNIA-59288
SECUNIA-59726
BID-64692
HPSBOV03505
HPSBUX02960
SSRT101419
TA14-013A
VU#348126
http://openwall.com/lists/oss-security/2013/12/30/6
http://openwall.com/lists/oss-security/2013/12/30/7
http://lists.ntp.org/pipermail/pool/2011-December/005616.html
http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc
http://bugs.ntp.org/show_bug.cgi?id=1532
http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892
http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232
https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory
openSUSE-SU-2014:1149

CPE    2
cpe:/o:novell:opensuse:11.4
cpe:/a:ntp:ntp:4.2.7
CWE    1
CWE-20
OVAL    5
oval:org.secpod.oval:def:21286
oval:org.secpod.oval:def:1501762
oval:org.secpod.oval:def:1501569
oval:org.secpod.oval:def:1501567
...

© SecPod Technologies