Security Bulletin: NTP vulnerability in Network Intrusion Prevention System (CVE-2013-5211)

Summary

Security vulnerabilities have been discovered in the NTP component of IBM Security Network Intrusion Prevention System.

Vulnerability Details

CVEID:_CVE-2013-5211 _

DESCRIPTION:

NTP is vulnerable to a denial of service, caused by an error in the monlist feature in ntp_request.c. By sending a sending specially-crafted REQ_MON_GETLIST or REQ_MON_GETLIST_1 request, an attacker could exploit this vulnerability to consume available CPU resources and cause the server to crash.

CVSS Base Score: 5.0
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90143/ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

Products: GX3002, GX4002, GX4004, GX4004-v2, GX5008, GX5008-v2, GX5108, GX5108-v2, GX5208, GX5208-v2, GX6116, GX7412, GX7412-10, GX7412-05, GX7800, GV200, GV1000
Firmware versions: 4.6.1, 4.6, 4.5, 4.4, and 4.3

Remediation/Fixes

The following IBM Threat Fixpacks have the fixes for these vulnerabilities. You could download them from the following links:

Workarounds and Mitigations

None