Network Time Protocol Daemon (ntpd) 'monlist' DoS

Medium Nessus Network Monitor Plugin ID 700174


The remote network time server can be affected by a denial of service vulnerability.


The version of ntpd running on the remote host is vulnerable to a DoS attack if the 'monlist' command is enabled. The 'monlist' command returns a list of recent hosts that have connected to the service. However, it is affected by a denial of service vulnerability in ntp_request.c that allows an unauthenticated, remote attacker to saturate network traffic to a specific IP address by using forged REQ_MON_GETLIST or REQ_MON_GETLIST_1 requests. Furthermore, an attacker can exploit this issue to conduct reconnaissance or distributed denial of service (DDoS) attacks.


If using NTP from the Network Time Protocol Project, upgrade to NTP version 4.2.7-p26 or later. Alternatively, add 'disable monitor' to the ntp.conf configuration file and restart the service. Otherwise, limit access to the affected service to trusted hosts, or contact the vendor for a fix.
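The configuration mitigations above can be checked mechanically. The following is an added example, not part of the plugin or of the NTP Project's code: a small Python audit of ntp.conf text. The helper name `audit_ntp_conf` and both sample configurations are constructed for illustration. It assumes two behaviours described in ntpd's access-control documentation: a `restrict` entry with the `limited` flag keeps the monitoring facility active, and `noquery` (or `ignore`) denies ntpq/ntpdc queries from matching hosts.

```python
"""Audit ntp.conf text for the 'monlist' mitigations (added example)."""

# Constructed sample configurations, not taken from any real host.
WEAK = """\
driftfile /var/lib/ntp/drift
server ntp.example.net iburst
restrict default kod limited nomodify notrap
restrict 127.0.0.1
"""
HARDENED = """\
driftfile /var/lib/ntp/drift
server ntp.example.net iburst
disable monitor            # mitigation named in the advisory
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
"""

def audit_ntp_conf(text):  # hypothetical helper name
    """Return a dict describing the monlist-relevant settings in ntp.conf text."""
    disable = enable = default_seen = False
    limited, open_default = [], []
    for num, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].lower().split()   # drop comments
        if not tokens:
            continue
        keyword, args = tokens[0], tokens[1:]
        if keyword in ("disable", "enable") and "monitor" in args:
            disable |= keyword == "disable"
            enable |= keyword == "enable"
        elif keyword == "restrict":
            args = [a for a in args if a not in ("-4", "-6")]
            if "limited" in args:            # keeps monitoring active
                limited.append(num)
            if args[:1] == ["default"]:
                default_seen = True
                if not {"noquery", "ignore"} & set(args):
                    open_default.append(num)
    # Conservative: any 'enable monitor' or 'limited' entry counts as monitoring on.
    monitor_off = disable and not enable and not limited
    # Heuristic: only the default entries are checked; narrower entries
    # (such as 127.0.0.1) are treated as trusted hosts.
    queries_blocked = default_seen and not open_default
    return {"monitor_off": monitor_off, "limited_lines": limited,
            "open_default_lines": open_default,
            "mitigated": monitor_off or queries_blocked}

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_ntp_conf(conf))
```

A configuration that sets 'disable monitor' but keeps `limited` on an entry without `noquery` is reported as not mitigated, which is the case a plain text search for 'disable monitor' would miss.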

Plugin Details

Severity: Medium

ID: 700174

Family: Generic

Published: 2017/08/18

Updated: 2019/03/06

Dependencies: 8828

Nessus ID: 71783

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

CVSS v3.0

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:ntp:ntp

Patch Publication Date: 2014/01/02

Vulnerability Publication Date: 2014/01/02

Reference Information

CVE: CVE-2013-5211