Vigil@nce - ntp.org: distributed denial of service via monlist
January 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use the monlist command of ntp.org's ntpd, in order
to trigger a distributed denial of service.
Impacted products: FreeBSD, HP-UX, Juniper J-Series, JUNOS,
Meinberg NTP Server, NetBSD, NTP.org
Severity: 2/4
Creation date: 31/12/2013
DESCRIPTION OF THE VULNERABILITY
The ntp.org service implements the "monlist" command, which
returns the list of the last 600 clients that connected to the
server.
However, the reply is much larger than the query. Moreover, public
NTP servers require no authentication, and the source address of
UDP packets can be spoofed, so the reply is delivered to the
spoofed address rather than to the sender.
An attacker can therefore use the monlist command of ntp.org's
ntpd, in order to trigger a distributed denial of service.
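As an added example (not part of the Vigil@nce bulletin), the following Python decodes the NTP mode-7 header that monlist uses, so a defender inspecting UDP/123 traffic can flag inbound monlist requests, spot a server that still answers them, and measure how many reply bytes one query produces. It assumes the mode-7 header layout and request codes (20 and 42) from ntp.org's ntp_request.h; the two sample datagrams are constructed, not captured.

```python
import struct
from dataclasses import dataclass
from typing import Optional

MODE_PRIVATE = 7          # NTP "private" mode (mode 7), used by ntpdc
REQ_MON_GETLIST = 20      # original monlist request code
REQ_MON_GETLIST_1 = 42    # newer monlist request code

@dataclass
class Mode7Header:
    response: bool   # R bit: set on replies sent by the server
    more: bool       # M bit: further reply packets follow this one
    request: int     # request code (what the client asked for)
    nitems: int      # number of data items in this packet (low 12 bits)
    itemsize: int    # size of each item in bytes (low 12 bits)

def parse_mode7(payload: bytes) -> Optional[Mode7Header]:
    """Decode the 8-byte mode-7 header; None if the datagram is not mode 7."""
    if len(payload) < 8:
        return None
    rm_vn_mode, _auth_seq, _impl, req, err_nitems, mbz_itemsize = struct.unpack(
        "!BBBBHH", payload[:8])
    if rm_vn_mode & 0x07 != MODE_PRIVATE:
        return None
    return Mode7Header(
        response=bool(rm_vn_mode & 0x80),
        more=bool(rm_vn_mode & 0x40),
        request=req,
        nitems=err_nitems & 0x0FFF,
        itemsize=mbz_itemsize & 0x0FFF,
    )

def classify(payload: bytes) -> str:
    """Label a UDP/123 payload as a monlist request, a monlist reply, or other."""
    h = parse_mode7(payload)
    if h is None or h.request not in (REQ_MON_GETLIST, REQ_MON_GETLIST_1):
        return "other"
    return "monlist-response" if h.response else "monlist-request"

def reply_ratio(query: bytes, replies: list) -> float:
    """Bytes returned per byte received: how much one query is amplified."""
    return sum(len(r) for r in replies) / len(query)

# Constructed samples (not captured traffic): a 48-byte monlist request and one
# 440-byte reply carrying 6 items of 72 bytes, as ntpd fragments the list.
SAMPLE_REQUEST = bytes([0x17, 0x00, 0x03, REQ_MON_GETLIST_1]) + bytes(44)
SAMPLE_RESPONSE = (bytes([0xD7, 0x00, 0x03, REQ_MON_GETLIST_1])
                   + struct.pack("!HH", 6, 72) + bytes(6 * 72))
```

A full monlist answer for a busy server spans many such reply packets, so the ratio measured on real traffic should be taken over all replies to one query.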
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/ntp-org-distributed-denial-of-service-via-monlist-14004