CVE-2013-5211
Description
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NTP monlist feature in ntpd before 4.2.7p26 allows remote attackers to amplify traffic via forged requests, enabling DDoS attacks.
Vulnerability
The vulnerability resides in the monlist feature in ntp_request.c of ntpd in NTP versions before 4.2.7p26. The feature responds to REQ_MON_GETLIST and REQ_MON_GETLIST_1 requests with a list of recent NTP clients, which can be many kilobytes. When the server is configured with default unrestricted query access, any remote attacker can trigger these responses [2][4].
Exploitation
An attacker sends a forged UDP packet with the victim's IP address as the source to an NTP server running an affected version. The server responds with a large monlist reply, amplifying the original request by a factor of up to 3660 for REQ_MON_GETLIST and up to 5500 for REQ_MON_GETLIST_1 [2]. No authentication or user interaction is required; the attacker only needs network access to the server.
Impact
The attacker can use the NTP server as an unwitting amplifier to flood the victim with high-volume traffic, causing a denial of service (DoS). The victim's resources are consumed by the unsolicited responses, potentially disrupting legitimate network services [2][4].
Mitigation
The vulnerability is fixed in NTP version 4.2.7p26 [2]. For systems that cannot be upgraded immediately, workarounds include disabling the monlist feature by adding the line "restrict default noquery" to the NTP configuration, or restricting access to trusted hosts only [3][4]. HP-UX users running NTP 4.2.6 can apply the workaround described in HP security bulletin HPSBUX02960 [3].
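The two mitigations above can be checked together on a host. The following is an added example, not code from the NTP project or from this page: it compares a reported ntpd version against 4.2.7p26 and, for older versions, flags every "restrict default" line that lacks noquery. The sample configuration, the host name in it and the function names are constructed for illustration.

```python
import re

FIXED = (4, 2, 7, 26)                   # fix release named on this page: 4.2.7p26
BLOCKING_FLAGS = {"noquery", "ignore"}  # "ignore" is a real ntpd flag, not on the page

# Constructed sample configuration; the host name is a placeholder.
SAMPLE_CONF = """\
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer      # noquery missing
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
server ntp.example.org iburst
"""

def parse_version(text):
    """Turn '4.2.6p5' or 'ntpd 4.2.7p25@1.2483' into (4, 2, 6, 5); no 'pN' means 0."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?", text)
    if not m:
        raise ValueError(f"no NTP version in {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def default_restrict_lines(conf_text):
    """Yield (line_number, flags) for every 'restrict [-4|-6] default ...' line."""
    for number, raw in enumerate(conf_text.splitlines(), start=1):
        words = raw.split("#", 1)[0].split()      # drop trailing comments
        if words[:1] != ["restrict"]:
            continue
        if words[1:2] in (["-4"], ["-6"]):        # optional address-family switch
            del words[1]
        if words[1:2] == ["default"]:
            yield number, set(words[2:])

def audit(version_text, conf_text):
    """Return findings; an empty list means no monlist exposure was found."""
    if parse_version(version_text) >= FIXED:
        return []                                 # fixed release, nothing to flag
    lines = list(default_restrict_lines(conf_text))
    if not lines:
        return ["no 'restrict default' line: queries are unrestricted"]
    return [f"line {n}: 'restrict default' lacks noquery"
            for n, flags in lines if not flags & BLOCKING_FLAGS]

if __name__ == "__main__":
    for finding in audit("ntpd 4.2.6p5", SAMPLE_CONF):
        print(finding)
```

The check only inspects default restrictions; more specific restrict lines that grant query access to trusted hosts are left alone, matching the second workaround.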
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:* (range: <4.2.7)
- cpe:2.3:a:ntp:ntp:4.2.7:-:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.7:p0:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.7:p1:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.7:p10:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.7:p11:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.7:p12:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.7:p13:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.7:p14:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.7:p15:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.7:p16:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.7:p17:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.7:p18:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.7:p19:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.7:p2:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.7:p20:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.7:p21:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.7:p22:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.7:p23:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.7:p24:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.7:p25:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.7:p3:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.7:p4:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.7:p5:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.7:p6:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.7:p7:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.7:p8:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.7:p9:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*
References
- www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz (nvd: Patch)
- aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc (nvd: Third Party Advisory)
- ics-cert.us-cert.gov/advisories/ICSA-14-051-04 (nvd: Third Party Advisory, US Government Resource)
- lists.opensuse.org/opensuse-updates/2014-09/msg00031.html (nvd: Third Party Advisory)
- marc.info (nvd: Mailing List, Third Party Advisory)
- www.kb.cert.org/vuls/id/348126 (nvd: Third Party Advisory, US Government Resource)
- www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html (nvd: Third Party Advisory)
- www.securityfocus.com/bid/64692 (nvd: Broken Link, Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1030433 (nvd: Third Party Advisory, VDB Entry)
- www.us-cert.gov/ncas/alerts/TA14-013A (nvd: Third Party Advisory, US Government Resource)
- h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay (nvd: Third Party Advisory)
- bugs.ntp.org/show_bug.cgi (nvd: Issue Tracking)
- lists.ntp.org/pipermail/pool/2011-December/005616.html (nvd: Broken Link)
- marc.info (nvd: Mailing List)
- openwall.com/lists/oss-security/2013/12/30/6 (nvd: Mailing List)
- openwall.com/lists/oss-security/2013/12/30/7 (nvd: Mailing List)
- secunia.com/advisories/59288 (nvd: Not Applicable)
- secunia.com/advisories/59726 (nvd: Not Applicable)
- www-947.ibm.com/support/entry/portal/docdisplay (nvd: Broken Link)
- www-947.ibm.com/support/entry/portal/docdisplay (nvd: Broken Link)
- puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory (nvd: Broken Link)