CVE-2013-5211: Input Validation
First published: Thu Jan 02 2014(Updated: )
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE Linux | =11.4 | |
| NTP | <4.2.7 | |
| NTP | =4.2.7 | |
| NTP | =4.2.7-p0 | |
| NTP | =4.2.7-p1 | |
| NTP | =4.2.7-p10 | |
| NTP | =4.2.7-p11 | |
| NTP | =4.2.7-p12 | |
| NTP | =4.2.7-p13 | |
| NTP | =4.2.7-p14 | |
| NTP | =4.2.7-p15 | |
| NTP | =4.2.7-p16 | |
| NTP | =4.2.7-p17 | |
| NTP | =4.2.7-p18 | |
| NTP | =4.2.7-p19 | |
| NTP | =4.2.7-p2 | |
| NTP | =4.2.7-p20 | |
| NTP | =4.2.7-p21 | |
| NTP | =4.2.7-p22 | |
| NTP | =4.2.7-p23 | |
| NTP | =4.2.7-p24 | |
| NTP | =4.2.7-p25 | |
| NTP | =4.2.7-p3 | |
| NTP | =4.2.7-p4 | |
| NTP | =4.2.7-p5 | |
| NTP | =4.2.7-p6 | |
| NTP | =4.2.7-p7 | |
| NTP | =4.2.7-p8 | |
| NTP | =4.2.7-p9 | |
| Oracle Linux | =6 | |
| Oracle Linux | =7 | |
| NTP | =4.2.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc
- http://bugs.ntp.org/show_bug.cgi?id=1532
- http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04
- http://lists.ntp.org/pipermail/pool/2011-December/005616.html
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html
- http://marc.info/?l=bugtraq&m=138971294629419&w=2
- http://marc.info/?l=bugtraq&m=144182594518755&w=2
- http://openwall.com/lists/oss-security/2013/12/30/6
- http://openwall.com/lists/oss-security/2013/12/30/7
- http://secunia.com/advisories/59288
- http://secunia.com/advisories/59726
- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861
- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892
- http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz
- http://www.kb.cert.org/vuls/id/348126
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.securityfocus.com/bid/64692
- http://www.securitytracker.com/id/1030433
- http://www.us-cert.gov/ncas/alerts/TA14-013A
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232
- https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory
Frequently Asked Questions
What is the severity of CVE-2013-5211?
CVE-2013-5211 has a severity rating of medium due to its potential for denial of service attacks.
How do I fix CVE-2013-5211?
To fix CVE-2013-5211, upgrade to NTP version 4.2.7p26 or later.
What kind of attack does CVE-2013-5211 enable?
CVE-2013-5211 enables remote attackers to execute traffic amplification denial of service attacks.
Which systems are affected by CVE-2013-5211?
CVE-2013-5211 affects NTP versions prior to 4.2.7p26 and certain versions of openSUSE and Oracle Linux.
Is CVE-2013-5211 actively exploited?
Yes, CVE-2013-5211 was actively exploited in the wild starting in December 2013.
- agent/type
- agent/remedy
- agent/weakness
- agent/severity
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/opensuse
- canonical/suse linux
- version/suse linux/11.4
- vendor/ntp
- canonical/ntp
- version/ntp/4.2.7
- version/ntp/4.2.7-p0
- version/ntp/4.2.7-p1
- version/ntp/4.2.7-p10
- version/ntp/4.2.7-p11
- version/ntp/4.2.7-p12
- version/ntp/4.2.7-p13
- version/ntp/4.2.7-p14
- version/ntp/4.2.7-p15
- version/ntp/4.2.7-p16
- version/ntp/4.2.7-p17
- version/ntp/4.2.7-p18
- version/ntp/4.2.7-p19
- version/ntp/4.2.7-p2
- version/ntp/4.2.7-p20
- version/ntp/4.2.7-p21
- version/ntp/4.2.7-p22
- version/ntp/4.2.7-p23
- version/ntp/4.2.7-p24
- version/ntp/4.2.7-p25
- version/ntp/4.2.7-p3
- version/ntp/4.2.7-p4
- version/ntp/4.2.7-p5
- version/ntp/4.2.7-p6
- version/ntp/4.2.7-p7
- version/ntp/4.2.7-p8
- version/ntp/4.2.7-p9
- vendor/oracle
- canonical/oracle linux
- version/oracle linux/6
- version/oracle linux/7