Last update: January 15, 2024 18:03 UTC (83e32bc41)
| Resolved | 24 Apr 2010 | |
|---|---|---|
| References | Bug 1532 | CVE-2013-5211 |
| Affects | All releases prior to 4.2.7p26. | Resolved in 4.2.7p26. |
| CVSS2 Score | 5.0 | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Unrestricted access to the monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged REQ_MON_GETLIST or REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
noquery in your default restrictions to block all status queries.disable monitor to disable the ntpdc -c monlist command while still allowing other status queries.