Detections
Analytics
Network Time Protocol Daemon (ntpd) monlist Command Enabled DoS
high Nessus Plugin ID 71783
Language:
Synopsis
The remote NTP server is affected by a denial of service vulnerability.Description
The version of ntpd running on the remote host has the 'monlist' command enabled. This command returns a list of recent hosts that have connected to the service. However, it is affected by a denial of service vulnerability in ntp_request.c that allows an unauthenticated, remote attacker to saturate network traffic to a specific IP address by using forged REQ_MON_GETLIST or REQ_MON_GETLIST_1 requests.Furthermore, an attacker can exploit this issue to conduct reconnaissance or distributed denial of service (DDoS) attacks.
Solution
If using NTP from the Network Time Protocol Project, upgrade to NTP version 4.2.7-p26 or later. Alternatively, add 'disable monitor' to the ntp.conf configuration file and restart the service. Otherwise, limit access to the affected service to trusted hosts, or contact the vendor for a fix.See Also
https://isc.sans.edu/diary/NTP+reflection+attack/17300
http://bugs.ntp.org/show_bug.cgi?id=1532
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10613
Plugin Details
Severity: High
ID: 71783
File Name: ntp_monlist_enabled.nasl
Version: 1.18
Type: remote
Family: Misc.
Published: 1/2/2014
Updated: 7/16/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.4
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:ntp:ntp
Required KB Items: NTP/Running
Exploit Available: true
Exploit Ease: Exploits are available
Exploited by Nessus: true
Patch Publication Date: 4/24/2010
Vulnerability Publication Date: 4/20/2010
Reference Information
CVE: CVE-2013-5211
BID: 64692
CERT: 348126
ICSA: 14-051-04