The NTP daemon has a DDoS vulnerability in the handling of the “monlist” command. An attacker may send a forged request to a vulnerable NTP server resulting in an amplified response to the intended target of the DDoS attack.MitigationMitigation for this issue is documented in VMware Knowledge Base article 2070193. This article also documents when vSphere products are affected.The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-5211 to this issue.Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

CPENameOperatorVersion
vcsalt5.5 Update 1
vcsalt5.1 Update 3
vcsaeq5.0
esxiltESXi550-201403101-SG
esxiltESXi510-201404101-SG
esxiltESXi500-201405101-SG
esxiltESXi410-201404401-SG
esxiltESXi400-201404401-SG
esxltESX410-201404402-SG
esxltESX400-201404402-SG

Name	Operator	Version
vcsa	lt	5.5 Update 1
vcsa	lt	5.1 Update 3
vcsa	eq	5.0
esxi	lt	ESXi550-201403101-SG
esxi	lt	ESXi510-201404101-SG
esxi	lt	ESXi500-201405101-SG
esxi	lt	ESXi410-201404401-SG
esxi	lt	ESXi400-201404401-SG
esx	lt	ESX410-201404402-SG
esx	lt	ESX400-201404402-SG

Rows per page:

1-10 of 151

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332

www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

vmware 1

openvas 35

nessus 60

ibm 14

oraclelinux 7

threatpost 4

checkpoint_advisories 1

suse 3

zdt 1

securityvulns 5

freebsd 1

cert 1

veracode 1

ubuntucve 2

redhat 3

cve 2

exploitpack 1

packetstorm 1

prion 2

centos 2

debiancve 2

f5 2

amazon 3

mageia 2

aix 1

checkpoint_security 1

fortinet 1

thn 1

metasploit 1

ics 1

gentoo 2

freebsd_advisory 1

slackware 1

exploitdb 1

fedora 3

altlinux 3

ubuntu 1

debian 1

osv 1

vmware

VMware vSphere updates to third party libraries

2014-03-11 00:00:00

openvas

VMSA-2014-0002 VMware vSphere updates to third party libraries (remote check)

2014-03-12 00:00:00

VMSA-2014-0002 VMware vSphere updates to third party libraries

2014-03-12 00:00:00

VMSA-2014-0002 VMware vSphere updates to third party libraries

2014-03-12 00:00:00

nessus

VMSA-2014-0002 : VMware vSphere updates to third-party libraries

2014-03-12 00:00:00

ESXi 5.5 < Build 1623387 Multiple Vulnerabilities (remote check)

2015-05-22 00:00:00

VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2014-0002)

2015-12-30 00:00:00

ibm

Security Bulletin: Vulnerability in glibc affects Integrated Management Module 2 (IMM2) (CVE-2013-4332)

2019-01-31 01:55:01

Security Bulletin: NTP vulnerability in Network Intrusion Prevention System (CVE-2013-5211)

2022-02-23 19:48:26

Security Bulletin: The IBM Chassis Management Module (CMM) is affected by a vulnerability in NTP server (CVE-2013-5211)

2019-01-31 01:25:01

oraclelinux

glibc security and bug fix update

2013-10-08 00:00:00

ntp security update

2016-09-09 00:00:00

ntp security update

2016-09-09 00:00:00

threatpost

Volume of NTP Amplification Attacks Getting Louder

2014-04-29 13:03:29

NTP Amplification Blamed for 400 Gbps DDoS Attack

2014-02-11 12:21:35

PointDNS Recovers from Massive DDoS Attack

2014-05-12 15:35:26

checkpoint_advisories

NTP Servers Monlist Command Denial of Service (CVE-2013-5211)

2014-01-19 00:00:00

suse

DDoS reflection attacks in ntp

2014-01-20 17:05:38

Security update for glibc (important)

2014-09-12 06:04:16

Security update for glibc (important)

2014-09-15 19:04:18

zdt

NTP ntpd monlist Query Reflection - Denial of Service

2014-04-29 00:00:00

securityvulns

ntp traffic amplification

2014-01-14 00:00:00

[security bulletin] HPSBUX02960 SSRT101419 rev.1 - HP-UX Running NTP, Remote Denial of Service (DoS)

2014-01-14 00:00:00

TA14-013A: NTP Amplification Attacks Using CVE-2013-5211

2014-01-14 00:00:00

freebsd

ntpd DRDoS / Amplification Attack using ntpdc monlist command

2014-01-01 00:00:00

cert

NTP can be abused to amplify denial-of-service attack traffic

2014-01-10 00:00:00

veracode

Denial Of Service (DoS)

2019-01-15 09:00:29

ubuntucve

CVE-2013-4332

2013-10-09 00:00:00

CVE-2013-5211

2014-01-02 00:00:00

redhat

(RHSA-2013:1411) Moderate: glibc security and bug fix update

2013-10-08 00:00:00

(RHSA-2013:1605) Moderate: glibc security, bug fix, and enhancement update

2013-11-21 00:00:00

(RHSA-2013:1527) Important: rhev-hypervisor6 security and bug fix update

2013-11-21 00:00:00

cve

CVE-2013-4332

2013-10-09 22:55:00

CVE-2013-5211

2014-01-02 14:59:00

exploitpack

NTP ntpd monlist Query Reflection - Denial of Service

2014-04-28 00:00:00

packetstorm

NTP Amplification Denial Of Service Tool

2014-07-16 00:00:00

prion

Integer overflow

2013-10-09 22:55:00

Security feature bypass

2014-01-02 14:59:00

centos

glibc, nscd security update

2013-10-08 20:20:03

glibc, nscd security update

2013-11-26 13:31:38

debiancve

CVE-2013-4332

2013-10-09 22:55:00

CVE-2013-5211

2014-01-02 14:59:00

SOL15154 - NTP vulnerability CVE-2013-5211

2014-04-10 00:00:00

K15154 : NTP vulnerability CVE-2013-5211

2014-04-10 00:00:00

amazon

Medium: ntp

2021-09-08 23:35:00

Medium: glibc

2013-12-17 21:39:00

Medium: ntp

2018-05-10 17:01:00

mageia

Updated ntp packages work around security vulnerability

2014-01-31 20:44:56

Updated glibc package fixes security vulnerabilities

2013-11-22 22:44:49

aix

Network Time Protocol (NTP) vulnerability in AIX,Network Time Protocol (NTP) vulnerability in VIOS

2014-06-12 16:24:51

checkpoint_security

Blocking NTP access on Gaia OS / IPSO OS (CVE-2013-5211)

2014-03-01 22:00:00

fortinet

FortiAnalyzer could potentially be used in NTP amplification attacks

2020-06-22 00:00:00

thn

Abusing Network Time Protocol (NTP) to perform massive Reflection DDoS attack

2014-01-02 20:25:00

metasploit

NTP Monitor List Scanner

2010-01-27 23:25:17

ics

NTP Reflection Attack

2018-09-06 12:00:00

gentoo

NTP: Traffic amplification

2014-01-16 00:00:00

GNU C Library: Multiple vulnerabilities

2015-03-08 00:00:00

freebsd_advisory

FreeBSD-SA-14:02.ntpd

2014-01-14 00:00:00

slackware

ntp

2014-02-13 16:38:35

exploitdb

NTP ntpd monlist Query Reflection - Denial of Service

2014-04-28 00:00:00

fedora

[SECURITY] Fedora 20 Update: glibc-2.18-9.fc20

2013-09-26 06:13:02

[SECURITY] Fedora 19 Update: glibc-2.17-18.fc19

2013-09-28 00:07:09

[SECURITY] Fedora 19 Update: glibc-2.17-21.fc19

2014-10-19 13:24:18

altlinux

Security fix for the ALT Linux 6 package glibc version 6:2.11.3-alt8.M60P.3

2015-12-23 00:00:00

Security fix for the ALT Linux 7 package glibc version 6:2.17-alt6

2014-01-11 00:00:00

Security fix for the ALT Linux 9 package glibc version 6:2.17-alt6

2014-01-11 00:00:00

ubuntu

GNU C Library vulnerabilities

2013-10-21 00:00:00

debian

[SECURITY] [DLA 165-1] eglibc security update

2015-03-06 15:39:53

osv

eglibc - security update

2015-03-06 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.967 High

EPSS

Percentile

99.6%

JSON

Related for VMSA-2014-0002.4