Network Time Protocol Daemon (ntpd) monlist Command Enabled DoS

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote NTP server is affected by a denial of service
vulnerability.

Description :

The version of ntpd running on the remote host has the 'monlist'
command enabled. This command returns a list of recent hosts that have
connected to the service. However, it is affected by a denial of
service vulnerability in ntp_request.c that allows an unauthenticated,
remote attacker to saturate network traffic to a specific IP address
by using forged REQ_MON_GETLIST or REQ_MON_GETLIST_1 requests.
Furthermore, an attacker can exploit this issue to conduct
reconnaissance or distributed denial of service (DDoS) attacks.

See also :

https://isc.sans.edu/diary/NTP+reflection+attack/17300
http://bugs.ntp.org/show_bug.cgi?id=1532
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10613

Solution :

If using NTP from the Network Time Protocol Project, upgrade to
NTP version 4.2.7-p26 or later. Alternatively, add 'disable monitor'
to the ntp.conf configuration file and restart the service. Otherwise,
limit access to the affected service to trusted hosts, or contact the
vendor for a fix.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 71783 ()

Bugtraq ID: 64692

CVE ID: CVE-2013-5211

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now