NTP BUG 1532: DRDoS/Amplification Attack using ntpdc monlist command
Last update: June 28, 2022 20:06 UTC (57417e17c)
Summary
| Resolved | 24 Apr 2010 |
| References | Bug 1532, CVE-2013-5211 |
| Affects | All releases prior to 4.2.7p26. Resolved in 4.2.7p26. |
Description
Unrestricted access to the monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged REQ_MON_GETLIST or REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
Mitigation
- Upgrade to 4.2.7p26 or later.
- Users of versions before 4.2.7p26 should either:
  - Use noquery in your default restrictions to block all status queries.
  - Use disable monitor to disable the ntpdc -c monlist command while still allowing other status queries.
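
The mitigations above can be checked across a fleet by combining the ntpd version with the contents of ntp.conf. The following is an added example, not code from the NTP project; the function names, the status labels and the sample configurations are assumptions made for illustration.

```python
import re

FIXED = (4, 2, 7, 26)  # 4.2.7p26, the release this advisory names as fixed

def parse_version(text):
    """'4.2.6p5' -> (4, 2, 6, 5); a missing patch level counts as p0."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised ntpd version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def audit(version, conf_text):
    """Return (status, reason); status is 'ok', 'mitigated' or 'exposed'."""
    if parse_version(version) >= FIXED:
        return "ok", "4.2.7p26 or later"
    default_flags = []   # one flag set per 'restrict default' line
    monitor_off = False
    for raw in conf_text.splitlines():
        words = raw.split("#", 1)[0].split()   # drop comments and blanks
        if not words:
            continue
        if words[0] == "restrict":
            args = [w for w in words[1:] if w not in ("-4", "-6")]
            if args and args[0] == "default":
                default_flags.append(set(args[1:]))
        elif words[0] in ("enable", "disable") and "monitor" in words[1:]:
            monitor_off = words[0] == "disable"  # assumption: last directive wins
    if monitor_off:
        return "mitigated", "disable monitor"
    # Simplification: every default line (IPv4 and IPv6) must carry noquery.
    if default_flags and all("noquery" in f for f in default_flags):
        return "mitigated", "noquery on default restrictions"
    return "exposed", "upgrade, or add noquery / disable monitor"

# Constructed sample configurations, not taken from any real host.
SAMPLES = {
    "noquery": "restrict default kod nomodify noquery\nrestrict -6 default noquery\n",
    "monitor": "restrict default nomodify\ndisable monitor  # keep other queries\n",
    "partial": "restrict default noquery\nrestrict -6 default nomodify\n",
    "open": "restrict default nomodify notrap\n# disable monitor\n",
}

if __name__ == "__main__":
    for name, conf in SAMPLES.items():
        print(name, audit("4.2.6p5", conf))
```

The check looks only at the default restrictions and the monitor flag, as the advisory does; restrict lines for specific networks are not evaluated.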
Credit
Timeline