[ntp:security] CVE for ntp monlist: CVE-2013-5211

Christian Rossow christian.rossow at gmail.com
Sat Aug 17 07:30:33 UTC 2013

Hi guys,

I contacted MITRE regarding CVEs for the vulnerabilities I pointed out
in my research paper. They started to assign me CVEs where appropriate,
and the `monlist` feature in ntpd is one of these cases.

Harlan, MITRE already assigned me CVE for this case (CVE-2013-5211).

MITRE found this bug here:

Would that be an appropriate link to be added to the CVE? I asked MITRE
to keep the CVEs secret for now, the agreed to do this "until the vendor
has released more information (such as a security advisory)".


PS: Indeed the monlist issue seems to be known since 3 years... :)

More information about the security mailing list