This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
The remote network time service could be used for network
reconnaissance or abused in a distributed denial of service attack.
The version of ntpd on the remote host has the 'monlist' command
enabled. This command returns a list of recent hosts that have
connected to the service. As such, it can be used for network
reconnaissance or, along with a spoofed source IP, a distributed
denial of service attack.
See also :
If using NTP from the Network Time Protocol Project, either upgrade to
NTP 4.2.7-p26 or later, or add 'disable monitor' to the 'ntp.conf'
configuration file and restart the service. Otherwise, contact the
Otherwise, limit access to the affected service to trusted hosts.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true
Nessus Plugin ID: 71783 ()
Bugtraq ID: 64692
CVE ID: CVE-2013-5211
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.