Executive Summary

Informations
Name CVE-2013-5211 First vendor Publication 2014-01-02
Vendor Cve Last vendor Modification 2018-10-30

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:24449
 
Oval ID: oval:org.mitre.oval:def:24449
Title: Network Time Protocol (NTP) vulnerability in AIX
Description: The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5211
Version: 6
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26210
 
Oval ID: oval:org.mitre.oval:def:26210
Title: SUSE-SU-2014:0937-1 -- Security update for ntp
Description: The NTP time service could have been used for remote denial of service amplification attacks.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0937-1
CVE-2013-5211
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): ntp
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 1

ExploitDB Exploits

id Description
2014-04-28 NTP ntpd monlist Query Reflection - Denial of Service

Snort® IPS/IDS

Date Description
2018-01-11 RPC Portmapper getstat request attempt
RuleID : 45166 - Revision : 4 - Type : POLICY-OTHER
2018-01-11 RPC Portmapper version 2 dump request attempt
RuleID : 45165 - Revision : 4 - Type : POLICY-OTHER
2018-01-11 RPC Portmapper version 3 dump request attempt
RuleID : 45164 - Revision : 4 - Type : POLICY-OTHER
2018-05-23 SSDP M-SEARCH ssdp-all potential amplified distributed denial-of-service attempt
RuleID : 45157-community - Revision : 4 - Type : SERVER-OTHER
2018-01-11 SSDP M-SEARCH ssdp-all potential amplified distributed denial-of-service attempt
RuleID : 45157 - Revision : 4 - Type : SERVER-OTHER
2015-05-19 NTP mode 6 UNSETTRAP denial of service attempt
RuleID : 34114 - Revision : 4 - Type : SERVER-OTHER
2015-05-19 NTP mode 6 REQ_NONCE denial of service attempt
RuleID : 34112 - Revision : 4 - Type : SERVER-OTHER
2014-02-15 ntp monlist denial of service attempt
RuleID : 29393 - Revision : 6 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2017-10-27 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0165.nasl - Type : ACT_GATHER_INFO
2017-02-08 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0038.nasl - Type : ACT_GATHER_INFO
2016-09-13 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2016-3613.nasl - Type : ACT_GATHER_INFO
2016-09-13 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2016-3612.nasl - Type : ACT_GATHER_INFO
2015-12-30 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2014-0002_remote.nasl - Type : ACT_GATHER_INFO
2015-05-22 Name : The remote VMware ESXi 5.5 host is affected by multiple vulnerabilities.
File : vmware_esxi_5_5_build_1623387_remote.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities.
File : vmware_esxi_5_1_build_1743201_remote.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities.
File : vmware_esxi_5_0_build_1749766_remote.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_ntp_20140417.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2014-0002.nasl - Type : ACT_GATHER_INFO
2014-09-19 Name : The remote device is missing a vendor-supplied security patch.
File : juniper_jsa10613.nasl - Type : ACT_GATHER_INFO
2014-08-01 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-474.nasl - Type : ACT_GATHER_INFO
2014-07-31 Name : The remote openSUSE host is missing a security update.
File : suse_12_3_openSUSE-2014--140722.nasl - Type : ACT_GATHER_INFO
2014-07-31 Name : The remote openSUSE host is missing a security update.
File : suse_13_1_openSUSE-2014--140722.nasl - Type : ACT_GATHER_INFO
2014-07-30 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_ntp-140721.nasl - Type : ACT_GATHER_INFO
2014-06-17 Name : The remote AIX host is missing a security patch.
File : aix_IV59636.nasl - Type : ACT_GATHER_INFO
2014-06-17 Name : The remote AIX host is missing a security patch.
File : aix_IV58413.nasl - Type : ACT_GATHER_INFO
2014-06-17 Name : The remote AIX host is missing a security patch.
File : aix_IV58068.nasl - Type : ACT_GATHER_INFO
2014-06-17 Name : The remote AIX host is missing a security patch.
File : aix_IV56575.nasl - Type : ACT_GATHER_INFO
2014-06-17 Name : The remote AIX host is missing a security patch.
File : aix_IV56324.nasl - Type : ACT_GATHER_INFO
2014-06-17 Name : The remote AIX host is missing a security patch.
File : aix_IV56213.nasl - Type : ACT_GATHER_INFO
2014-06-17 Name : The remote AIX host is missing a security patch.
File : aix_IV55365.nasl - Type : ACT_GATHER_INFO
2014-03-12 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2014-0002.nasl - Type : ACT_GATHER_INFO
2014-02-14 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-044-02.nasl - Type : ACT_GATHER_INFO
2014-01-20 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201401-08.nasl - Type : ACT_GATHER_INFO
2014-01-15 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_3d95c9a77d5c11e3a8c1206a8a720317.nasl - Type : ACT_GATHER_INFO
2014-01-02 Name : The remote NTP server is affected by a denial of service vulnerability.
File : ntp_monlist_enabled.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/64692
CERT http://www.us-cert.gov/ncas/alerts/TA14-013A
CERT-VN http://www.kb.cert.org/vuls/id/348126
CONFIRM http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc
http://bugs.ntp.org/show_bug.cgi?id=1532
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892
http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-309054...
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n...
https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory
HP http://marc.info/?l=bugtraq&m=138971294629419&w=2
http://marc.info/?l=bugtraq&m=144182594518755&w=2
MISC http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04
MLIST http://lists.ntp.org/pipermail/pool/2011-December/005616.html
http://openwall.com/lists/oss-security/2013/12/30/6
http://openwall.com/lists/oss-security/2013/12/30/7
SECTRACK http://www.securitytracker.com/id/1030433
SECUNIA http://secunia.com/advisories/59288
http://secunia.com/advisories/59726
SUSE http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
Date Informations
2021-05-04 12:27:40
  • Multiple Updates
2021-04-22 01:33:26
  • Multiple Updates
2020-05-23 13:17:03
  • Multiple Updates
2020-05-23 00:38:17
  • Multiple Updates
2018-10-31 00:20:33
  • Multiple Updates
2018-01-26 12:05:02
  • Multiple Updates
2017-12-09 09:22:19
  • Multiple Updates
2017-10-28 13:24:45
  • Multiple Updates
2017-02-09 13:25:28
  • Multiple Updates
2016-12-22 09:23:33
  • Multiple Updates
2016-11-29 00:24:50
  • Multiple Updates
2016-09-28 09:23:38
  • Multiple Updates
2016-09-14 13:25:41
  • Multiple Updates
2016-08-23 09:24:48
  • Multiple Updates
2016-04-26 23:38:37
  • Multiple Updates
2015-12-31 13:26:04
  • Multiple Updates
2015-11-20 21:25:13
  • Multiple Updates
2015-05-23 13:27:24
  • Multiple Updates
2015-05-19 21:26:15
  • Multiple Updates
2015-02-14 13:23:45
  • Multiple Updates
2015-02-12 13:23:56
  • Multiple Updates
2015-01-21 13:26:28
  • Multiple Updates
2014-12-03 09:26:42
  • Multiple Updates
2014-09-20 13:25:14
  • Multiple Updates
2014-08-02 13:24:13
  • Multiple Updates
2014-08-01 13:24:48
  • Multiple Updates
2014-07-31 13:24:45
  • Multiple Updates
2014-07-17 09:21:44
  • Multiple Updates
2014-06-18 13:26:14
  • Multiple Updates
2014-04-29 17:18:47
  • Multiple Updates
2014-03-13 13:22:02
  • Multiple Updates
2014-03-06 13:22:58
  • Multiple Updates
2014-02-17 11:23:02
  • Multiple Updates
2014-02-15 21:20:13
  • Multiple Updates
2014-01-24 13:19:25
  • Multiple Updates
2014-01-03 21:20:25
  • First insertion