The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service via forged REQ_MON_GETLIST or REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013