[ntp:questions] CVE-2013-5211 and xntpd

Harlan Stenn stenn at ntp.org
Thu Feb 6 20:49:16 UTC 2014

Brian Utterback writes:
> I did test it and saw indications that it would be vulnerable. I don't 
> have exploit code so I didn't actually get an exploit going, but I saw 
> enough to convince me.

If xntpd responds to the mode 7 monlist command it's vulnerable, and the
easy fix is to add a 'restrict default noquery' line to the config file.

> The problem is that the CVE doesn't say that all versions of ntp before 
> 4.2.7 are vulnerable, it says that all versions of *ntpd* before 4.2.7 
> are vulnerable.

I agree, the wording in the CVE should be fixed.


More information about the questions mailing list