Lucene search

K
vmwareVMwareVMSA-2014-0002.4
HistoryMar 11, 2014 - 12:00 a.m.

VMware vSphere updates to third party libraries

2014-03-1100:00:00
www.vmware.com
31

EPSS

0.964

Percentile

99.6%

a. DDoS vulnerability in NTP third party libraries

The NTP daemon has a DDoS vulnerability in the handling of the “monlist” command. An attacker may send a forged request to a vulnerable NTP server resulting in an amplified response to the intended target of the DDoS attack.MitigationMitigation for this issue is documented in VMware Knowledge Base article 2070193. This article also documents when vSphere products are affected.The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-5211 to this issue.Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.