CVE-2013-5211

Published: 2 January 2014

The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.

Notes

default ntp.conf in Ubuntu contains noquery, so monlist is
disabled by default. Sites that need monlist should restrict it
from known trusted IPs. Upstream has removed monlist in favour
of mrulist. This is too intrusive to backport, so we're going to
ignore this.

Status

References

• http://openwall.com/lists/oss-security/2013/12/30/6
• http://lists.ntp.org/pipermail/pool/2011-December/005616.html
• https://www.cve.org/CVERecord?id=CVE-2013-5211
• NVD
• Launchpad
• Debian

Bugs

• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733940
• http://bugs.ntp.org/show_bug.cgi?id=1532
• https://bugs.launchpad.net/debian/+source/ntp/+bug/1268543