Bugzilla – Bug 889447
NTP vulnerable to NTP Amplification Attacks Using CVE-2013-5211
Last modified: 2014-07-30 06:12:01 UTC
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0 see: https://www.us-cert.gov/ncas/alerts/TA14-013A I have seen this working on fully patched 13.1 systems. I am pretty sure older versions, platforms as well as SLES also is affected. Reproducible: Always Steps to Reproduce: 1. 2. 3. Actual Results: 13:31 <xxxx> ntpdc> monlist 13:31 <xxxx> remote address port local address count m ver rstr avgint lstint 13:31 <xxxx> =============================================================================== 13:31 <xxxx> ntp2.m-online.net 123 188.40.154.1 1 4 4 0 48 48 [etc] Expected Results: 14:54 <snowpa> roeland.cust.sigio.nl: timed out, nothing received 14:54 <snowpa> ***Request timed out 14:54 <snowpa> ntpdc> adding to /etc/ntp.conf: restrict default kod nomodify notrap nopeer noquery restrict -6 default kod nomodify notrap nopeer noquery and restart, mitigates this for the moment.
we have published an advisory for this and will be soon publishing an ntp update with adjusted default templates. http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00005.html http://support.novell.com/security/cve/CVE-2013-5211.html *** This bug has been marked as a duplicate of bug 857195 ***