[ntp:questions] CVE-2013-5211 and xntpd

mike cook michael.cook at sfr.fr
Thu Feb 6 15:31:05 UTC 2014

On 6 Feb 2014, at 15:26, Brian Utterback wrote:

> I recently received a question from a customer about CVE-2013-5211, the monlist amplification attack. Specifically they asked if the attack affected xntpd. They had another vendor that said no, that the attack only affects ntpd. This surprised me since as far as I know the monlist mechanism is the same in xntpd. I thought the vendor was merely incorrect. However, I then read the CERT and NIST versions of the CVE and there is no mention of xntpd. Indeed, a literal reading of the CVE does indeed imply that xntpd is not vulnerable.

  Hi Brian,
   I think you are right. My reading of the CVE gives me to believe that xntpd is vulnerable. xntp is a full implementation of NTP V3 and the CVE indicates all versions of ntp earlier than 4.2.7 are vulnerable. It is very easy for you to test as xntpd is (or was) distributed with Solaris.

> I don't think I am wrong about xntpd being vulnerable. If I am, please correct me. But if I am not, we should probably see about getting the CVE amended.
> -- 
> blu
> Always code as if the guy who ends up maintaining your code will be a
> violent psychopath who knows where you live. - Martin Golding
> -----------------------------------------------------------------------|
> Brian Utterback - Solaris RPE, Oracle Corporation.
> Ph:603-262-3916, Em:brian.utterback at oracle.com
