CVE-2013-5211

Published Jan 2, 2014
Last updated a year ago
CVSS info 5.0
Overview

Description: The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
Source: cve@mitre.org
NVD status: Analyzed
Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P
Weaknesses

nvd@nist.gov: CWE-20
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CC55810-13AD-49D2-AFE5-A95F00824915",
            "versionEndExcluding": "4.2.7"
          },
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CAC15F6-514F-4BED-A2A5-E89F4349D8AE"
          },
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B481C553-B73E-4DA2-9D5E-3774FF846590"
          },
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2AFDFCA1-0D59-4973-ACFE-CB75BD934154"
          },
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A04F57D2-2D27-4FBF-8530-2AC3FB744E7C"
          },
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "518C32C8-0558-46A1-8532-90DBA1616221"
          },
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E43BA6C-4FAE-4B96-90D3-E212BD21233D"
          },
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D4E0EEC-92AD-43B2-8539-921AAA0BAF8A"
          },
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p14:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EC4F7DB-7769-4F81-B301-C973D0EB2E01"
          },
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p15:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3862A517-5302-4CC5-A553-E8ED8F408984"
          },
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p16:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E23550B-55D9-4D2A-868C-1F2E5833FFD3"
          },
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p17:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "703DD909-3E63-46AF-BDBD-DB99035D17C8"
          },
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p18:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9307FD4B-AF64-476B-A238-1C8C9E8D7938"
          },
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p19:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19D2387E-78A0-42BD-B33E-5CE2858888DC"
          },
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF76B320-FE22-4528-9189-982909B67EA4"
          },
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p20:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4212F77B-AD87-47CE-972E-ADDF3E0A855C"
          },
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p21:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26DC7E1A-9F45-4F71-8EBE-8C4811757511"
          },
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p22:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93AEBFB8-C063-4862-ADA5-32C8AD6A215D"
          },
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p23:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD38DF5B-0FE3-46B0-9313-0BEDB2FB85BB"
          },
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p24:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19B1C33A-80DD-4942-81A3-5A91B77B902D"
          },
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p25:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE315238-7191-4A2E-A3C6-2162BE589C78"
          },
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5453B367-AF6E-49F1-A448-EEC9BD30F774"
          },
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0040B79-5D07-4BEA-8861-8D827FB31735"
          },
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D00C1A08-1AFF-4AED-9F32-6F7400E24427"
          },
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6478C98A-FC07-457D-996D-53B9361B52D3"
          },
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1D01BD4-27BF-49BD-9305-F26E0EC778AD"
          },
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4E82220-4E07-41B0-952A-9C0CC0973D60"
          },
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38F02F01-569A-445D-A954-D9369E0B8850"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876"
          },
          {
            "criteria": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44B8FEDF-6CB0-46E9-9AD7-4445B001C158"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References
