[ntp:security] CVE for ntp monlist: CVE-2013-5211
christian.rossow at gmail.com
Sat Aug 17 07:30:33 UTC 2013
I contacted MITRE regarding CVEs for the vulnerabilities I pointed out
in my research paper. They started to assign me CVEs where appropriate,
and the `monlist` feature in ntpd is one of these cases.
Harlan, MITRE already assigned me CVE for this case (CVE-2013-5211).
MITRE found this bug here:
Would that be an appropriate link to be added to the CVE? I asked MITRE
to keep the CVEs secret for now, the agreed to do this "until the vendor
has released more information (such as a security advisory)".
PS: Indeed the monlist issue seems to be known since 3 years... :)
More information about the security