NTP monlist Command Enabled

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote network time service could be used for network
reconnaissance or abused in a distributed denial of service attack.

Description :

The version of ntpd on the remote host has the 'monlist' command
enabled. This command returns a list of recent hosts that have
connected to the service. As such, it can be used for network
reconnaissance or, along with a spoofed source IP, a distributed
denial of service attack.

See also :

https://isc.sans.edu/diary/NTP+reflection+attack/17300
http://bugs.ntp.org/show_bug.cgi?id=1532
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10613

Solution :

If using NTP from the Network Time Protocol Project, either upgrade to
NTP 4.2.7-p26 or later, or add 'disable monitor' to the 'ntp.conf'
configuration file and restart the service. Otherwise, contact the
vendor.

Otherwise, limit access to the affected service to trusted hosts.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 71783 ()

Bugtraq ID: 64692

CVE ID: CVE-2013-5211