The monlist feature in ntp_request.c in ntpd in NTP prior to 4.2.7p26 allows remote malicious users to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
opensuse opensuse 11.4 |
||
ntp ntp 4.2.7 |
||
ntp ntp |
||
oracle linux 6 |
||
oracle linux 7 |