CVE-2013-5211

Loading...

General

Score:5.0/10.0
Severity:Medium
Category:Input Validation Error
Exploit:Available

Impact Metrics

Confidentiality:None
Integrity:None
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Relative vulnerabilities

CVE-2013-4332, CVE-2015-5194, CVE-2015-5195, CVE-2015-5219, CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7852, CVE-2015-7974, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8158, CVE-2016-1547, CVE-2016-1548, CVE-2016-1550, CVE-2016-2518, CVE-2016-7426, CVE-2016-7429, CVE-2016-7433, CVE-2016-9310, CVE-2016-9311, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464

Published on 02/01/14 - Updated on 30/10/18

Description

The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.

Category: Input Validation Error

CWE-20 (Input Validation)
The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Security Notices

US National Vulnerability DatabaseCVE-2013-5211
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2014-AVI-034, CERTFR-2014-AVI-069, CERTFR-2014-AVI-117, CERTFR-2014-AVI-182, CERTFR-2014-AVI-244, CERTFR-2014-AVI-308, CERTFR-2014-AVI-526, CERTFR-2014-AVI-542
Oracle Linux ELSA-2016-2583, ELSA-2016-3612, ELSA-2016-3613, ELSA-2017-0252, ELSA-2017-3071
Renater 2014/VULN062
SUSE SUSE-SU-2014:0937

Exploits

Exploit-DBEDB-33073
SecurityFocusBID-64692

Relative technologies

VendorProduct
ntpntp
opensuseopensuse

Share this vulnerability with:

Twitter Facebook LinkedIn Mail