Back to KEVs

CVE-2013-5211

The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification)...

Basic Information

CVE State
PUBLISHED
Reserved Date
August 15, 2013
Published Date
January 02, 2014
Last Updated
August 06, 2024
Vendor
NTP
Product
NTP
Description
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.

CVSS Scores

CVSS v2.0

5.0

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploit Status

Proof of Concept Available
Yes (added 2023-05-03 17:20:51 UTC) Source

References

http://secunia.com/advisories/59288 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232 http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://marc.info/?l=bugtraq&m=138971294629419&w=2 http://www.us-cert.gov/ncas/alerts/TA14-013A http://www.securityfocus.com/bid/64692 http://www.kb.cert.org/vuls/id/348126 http://marc.info/?l=bugtraq&m=144182594518755&w=2 http://openwall.com/lists/oss-security/2013/12/30/6 http://secunia.com/advisories/59726 http://www.securitytracker.com/id/1030433 http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04 http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861 http://lists.ntp.org/pipermail/pool/2011-December/005616.html http://openwall.com/lists/oss-security/2013/12/30/7 http://marc.info/?l=bugtraq&m=138971294629419&w=2 http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892 http://bugs.ntp.org/show_bug.cgi?id=1532 https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory

Known Exploited Vulnerability Information

Source Added Date
CVE 2014-01-02 11:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

requiempentest/NTP_CVE-2013-5211

Type: github • Created: 2024-10-16 09:45:53 UTC • Stars: 0

Exploit and check CVE-2013-5211

requiempentest/-exploit-check-CVE-2013-5211

Type: github • Created: 2024-10-16 09:35:15 UTC • Stars: 0

check and exploit for NTP vuln CVE-2013-5211

0xhav0c/CVE-2013-5211

Type: github • Created: 2023-05-03 17:20:51 UTC • Stars: 3

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Proof of Concept Exploit Available