[ntp:security] monlist reflective DDoS
christian.rossow at gmail.com
Mon Aug 12 08:25:34 UTC 2013
> I'll be getting a CVE number in the morning, unless you can think of
> some reason I should delay.
Two things you may want to take into account:
* The amplification vulnerability does not only affect `monlist`, but
also other message types. How to proceed? Separate CVEs for those?
* Ideally we'd state the ntpd version that closed the monlist feature
in the CVE, so that people know to which version they should update.
More information about the security