CVE-2013-5211

NTP ntpd monlist Query Reflection - Denial of Service

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.

La característica monlist en ntp_request.c en ntpd en NTP antes 4.2.7p26 permite a atacantes remotos provocar una denegación de servicio (amplificación de tráfico) a través de solicitudes (1) REQ_MON_GETLIST o (2) solicitudes REQ_MON_GETLIST_1, como han sido explotados en diciembre de 2013.

Detect UDP endpoints with UDP amplification vulnerabilities.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-08-15 CVE Reserved
2014-01-02 CVE Published
2014-04-28 First Exploit
2024-08-06 CVE Updated
2024-11-22 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation

CAPEC

References (25)

URL	Tag	Source
http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc	Third Party Advisory
http://bugs.ntp.org/show_bug.cgi?id=1532	Issue Tracking
http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04	Third Party Advisory
http://lists.ntp.org/pipermail/pool/2011-December/005616.html	Broken Link
http://openwall.com/lists/oss-security/2013/12/30/6	Mailing List
http://openwall.com/lists/oss-security/2013/12/30/7	Mailing List
http://secunia.com/advisories/59288	Not Applicable
http://secunia.com/advisories/59726	Not Applicable
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861	Broken Link
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892	Broken Link
http://www.kb.cert.org/vuls/id/348126	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	Third Party Advisory
http://www.securityfocus.com/bid/64692	Broken Link
http://www.securitytracker.com/id/1030433	Third Party Advisory
http://www.us-cert.gov/ncas/alerts/TA14-013A	Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232	Third Party Advisory
https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory	Broken Link
https://github.com/rapid7/metasploit-framework/pull/3696
https://www.rapid7.com/blog/post/2014/08/25/r7-2014-12-more-amplification-vulnerabilities-in-ntp-allow-even-more-drdos-attacks

URL	Date	SRC
https://www.exploit-db.com/exploits/33073	2014-04-28
https://github.com/0xhav0c/CVE-2013-5211	2023-05-03

URL	Date	SRC
http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz	2023-11-01

URL	Date	SRC
http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html	2023-11-01
http://marc.info/?l=bugtraq&m=138971294629419&w=2	2023-11-01
http://marc.info/?l=bugtraq&m=144182594518755&w=2	2023-11-01

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				11.4 Search vendor "Opensuse" for product "Opensuse" and version "11.4"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				< 4.2.7 Search vendor "Ntp" for product "Ntp" and version " < 4.2.7"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.7 Search vendor "Ntp" for product "Ntp" and version "4.2.7"		-		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.7 Search vendor "Ntp" for product "Ntp" and version "4.2.7"		p0		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.7 Search vendor "Ntp" for product "Ntp" and version "4.2.7"		p1		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.7 Search vendor "Ntp" for product "Ntp" and version "4.2.7"		p10		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.7 Search vendor "Ntp" for product "Ntp" and version "4.2.7"		p11		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.7 Search vendor "Ntp" for product "Ntp" and version "4.2.7"		p12		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.7 Search vendor "Ntp" for product "Ntp" and version "4.2.7"		p13		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.7 Search vendor "Ntp" for product "Ntp" and version "4.2.7"		p14		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.7 Search vendor "Ntp" for product "Ntp" and version "4.2.7"		p15		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.7 Search vendor "Ntp" for product "Ntp" and version "4.2.7"		p16		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.7 Search vendor "Ntp" for product "Ntp" and version "4.2.7"		p17		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.7 Search vendor "Ntp" for product "Ntp" and version "4.2.7"		p18		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.7 Search vendor "Ntp" for product "Ntp" and version "4.2.7"		p19		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.7 Search vendor "Ntp" for product "Ntp" and version "4.2.7"		p2		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.7 Search vendor "Ntp" for product "Ntp" and version "4.2.7"		p20		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.7 Search vendor "Ntp" for product "Ntp" and version "4.2.7"		p21		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.7 Search vendor "Ntp" for product "Ntp" and version "4.2.7"		p22		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.7 Search vendor "Ntp" for product "Ntp" and version "4.2.7"		p23		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.7 Search vendor "Ntp" for product "Ntp" and version "4.2.7"		p24		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.7 Search vendor "Ntp" for product "Ntp" and version "4.2.7"		p25		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.7 Search vendor "Ntp" for product "Ntp" and version "4.2.7"		p3		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.7 Search vendor "Ntp" for product "Ntp" and version "4.2.7"		p4		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.7 Search vendor "Ntp" for product "Ntp" and version "4.2.7"		p5		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.7 Search vendor "Ntp" for product "Ntp" and version "4.2.7"		p6		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.7 Search vendor "Ntp" for product "Ntp" and version "4.2.7"		p7		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.7 Search vendor "Ntp" for product "Ntp" and version "4.2.7"		p8		Affected
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.7 Search vendor "Ntp" for product "Ntp" and version "4.2.7"		p9		Affected
Oracle Search vendor "Oracle"		Linux Search vendor "Oracle" for product "Linux"				6 Search vendor "Oracle" for product "Linux" and version "6"		-		Affected
Oracle Search vendor "Oracle"		Linux Search vendor "Oracle" for product "Linux"				7 Search vendor "Oracle" for product "Linux" and version "7"		-		Affected