[ntp:questions] CVE-2013-5211 and xntpd

Brian Utterback brian.utterback at oracle.com
Thu Feb 6 14:26:25 UTC 2014

I recently received a question from a customer about CVE-201305211, the 
monlist amplification attack. Specifically they asked if the attack 
affected xntpd. They had another vendor that said no, that the attack 
only affects ntpd. This surprised me since as far as I know the monlist 
mechanism is the same in xntpd. I thought the vendor was merely 
incorrect. However, I then read the CERT and NIST versions of the CVE 
and there is no mention of xntpd. Indeed, a literal reading of the CVE 
does indeed imply that xntpd is not vulnerable.

I don't think I am wrong about xntpd being vulnerable. If I am, please 
correct me. But if I am not, we should probably see about getting the 
CVE amended.


Always code as if the guy who ends up maintaining your code will be a
violent psychopath who knows where you live. - Martin Golding
Brian Utterback - Solaris RPE, Oracle Corporation.
Ph:603-262-3916, Em:brian.utterback at oracle.com

More information about the questions mailing list