[ntp:security] CVE for ntp monlist: CVE-2013-5211

Christian Rossow christian.rossow at gmail.com
Sat Aug 17 07:30:33 UTC 2013


Hi guys,

I contacted MITRE regarding CVEs for the vulnerabilities I pointed out
in my research paper. They started to assign me CVEs where appropriate,
and the `monlist` feature in ntpd is one of these cases.

Harlan, MITRE already assigned me a CVE for this case (CVE-2013-5211).

MITRE found this bug here:
  http://bugs.ntp.org/show_bug.cgi?id=1532

Would that be an appropriate link to be added to the CVE? I asked MITRE
to keep the CVEs secret for now; they agreed to do this "until the vendor
has released more information (such as a security advisory)".

Cheers,
Christian

PS: Indeed the monlist issue seems to have been known for 3 years... :)

