The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
Published 2014-01-02 14:59:03
Updated 2023-11-01 12:51:56
Source MITRE
View at NVD,   CVE.org
Vulnerability category: Input validationDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2013-5211

96.70%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2013-5211

  • SSDP ssdp:all M-SEARCH Amplification Scanner
    First seen: 2020-04-26
    auxiliary/scanner/upnp/ssdp_amp
    Discover SSDP amplification possibilities Authors: - xistence <xistence@0x90.nl>
  • NTP Mode 7 PEER_LIST DoS Scanner
    Disclosure Date: 2014-08-25
    First seen: 2020-04-26
    auxiliary/scanner/ntp/ntp_peer_list_dos
    This module identifies NTP servers which permit "PEER_LIST" queries and return responses that are larger in size or greater in quantity than the request, allowing remote attackers to cause a distributed, reflected denial of service (aka, "DRDoS" or traffic amplificat
  • NTP Mode 7 PEER_LIST_SUM DoS Scanner
    Disclosure Date: 2014-08-25
    First seen: 2020-04-26
    auxiliary/scanner/ntp/ntp_peer_list_sum_dos
    This module identifies NTP servers which permit "PEER_LIST_SUM" queries and return responses that are larger in size or greater in quantity than the request, allowing remote attackers to cause a distributed, reflected denial of service (aka, "DRDoS" or traffic amplif
  • UDP Amplification Scanner
    First seen: 2020-04-26
    auxiliary/scanner/udp/udp_amplification
    Detect UDP endpoints with UDP amplification vulnerabilities Authors: - Jon Hart <jon_hart@rapid7.com>
  • NTP Monitor List Scanner
    First seen: 2020-04-26
    auxiliary/scanner/ntp/ntp_monlist
    This module identifies NTP servers which permit "monlist" queries and obtains the recent clients list. The monlist feature allows remote attackers to cause a denial of service (traffic amplification) via spoofed requests. The more clients there are in the list, the
  • NTP Mode 6 REQ_NONCE DRDoS Scanner
    Disclosure Date: 2014-08-25
    First seen: 2020-04-26
    auxiliary/scanner/ntp/ntp_req_nonce_dos
    This module identifies NTP servers which permit mode 6 REQ_NONCE requests that can be used to conduct DRDoS attacks. In some configurations, NTP servers will respond to REQ_NONCE requests with a response larger than the request, allowing remote attackers to cause a d
  • Portmapper Amplification Scanner
    First seen: 2020-04-26
    auxiliary/scanner/portmap/portmap_amp
    This module can be used to discover Portmapper services which can be used in an amplification DDoS attack against a third party. Authors: - xistence <xistence@0x90.nl>
  • NTP Clock Variables Disclosure
    First seen: 2020-04-26
    auxiliary/scanner/ntp/ntp_readvar
    This module reads the system internal NTP variables. These variables contain potentially sensitive information, such as the NTP software version, operating system version, peers, and more. Authors: - Ewerson Guimaraes(Crash) <crash@dclabs.com.br> - Jon Hart <jon_h
  • NTP Mode 6 UNSETTRAP DRDoS Scanner
    Disclosure Date: 2014-08-25
    First seen: 2020-04-26
    auxiliary/scanner/ntp/ntp_unsettrap_dos
    This module identifies NTP servers which permit mode 6 UNSETTRAP requests that can be used to conduct DRDoS attacks. In some configurations, NTP servers will respond to UNSETTRAP requests with multiple packets, allowing remote attackers to cause a distributed, refle
  • NTP Mode 7 GET_RESTRICT DRDoS Scanner
    Disclosure Date: 2014-08-25
    First seen: 2020-04-26
    auxiliary/scanner/ntp/ntp_reslist_dos
    This module identifies NTP servers which permit "reslist" queries and obtains the list of restrictions placed on various network interfaces, networks or hosts. The reslist feature allows remote attackers to cause a distributed, reflected denial of service (aka, "DRDo

CVSS scores for CVE-2013-5211

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
5.0
MEDIUM AV:N/AC:L/Au:N/C:N/I:N/A:P
10.0
2.9
NIST

CWE ids for CVE-2013-5211

  • The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
    Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-5211

Products affected by CVE-2013-5211

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!