CVE-2013-5211

Publication date 2 January 2014

Last updated 24 July 2024

The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
ntp	13.10 saucy	Ignored
	13.04 raring	Ignored
	12.10 quantal	Ignored
	12.04 LTS precise	Ignored
	10.04 LTS lucid	Ignored

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

default ntp.conf in Ubuntu contains noquery, so monlist is disabled by default. Sites that need monlist should restrict it from known trusted IPs. Upstream has removed monlist in favour of mrulist. This is too intrusive to backport, so we're going to ignore this.

References

MITRE
NVD
Launchpad
Debian

Other references

http://openwall.com/lists/oss-security/2013/12/30/6
http://lists.ntp.org/pipermail/pool/2011-December/005616.html
https://www.cve.org/CVERecord?id=CVE-2013-5211