FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2013-5211

This CVE name corresponds to:

Entered Topic
2014-01-14 ntpd DRDoS / Amplification Attack using ntpdc monlist command

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2013-5211
Phase Assigned(20130815)

Description

The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.

References

Source Reference
MLIST [oss-security] 20131230 CVE to the ntp monlist DDoS issue?
MLIST [oss-security] 20131230 Re: CVE to the ntp monlist DDoS issue?
MLIST [pool] 20111210 Odd surge in traffic today
MISC http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04
CONFIRM http://bugs.ntp.org/show_bug.cgi?id=1532
CONFIRM http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz
CONFIRM http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc
CONFIRM http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861
CONFIRM http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892
HP HPSBUX02960
HP SSRT101419
SUSE openSUSE-SU-2014:1149
CERT TA14-013A
CERT-VN VU#348126
SECTRACK 1030433
SECUNIA 59288
SECUNIA 59726