Vulnerability Note VU#348126
NTP can be abused to amplify denial-of-service attack traffic
UDP protocols such as NTP can be abused to amplify denial-of-service attack traffic. Servers running the network time protocol (NTP) based on implementations of ntpd prior to version 4.2.7p26 that use the default unrestricted query configuration are susceptible to a reflected denial-of-service (DRDoS) attack. Other proprietary NTP implementations may also be affected.
NTP and other UDP-based protocols can be used to amplify denial-of-service attacks. Servers running the network time protocol (NTP) based on implementations of ntpd prior to version 4.2.7p26 that use the default unrestricted query configuration are susceptible to a reflected denial-of-service (DRDoS) attack. Other proprietary NTP implementations may also be affected. This is similar in scope to DNS Amplification Attacks.
In a reflected denial-of-service attack, the attacker spoofs the source address of attack traffic, replacing the source address with the target's address. Certain NTP control messages provide significant bandwidth amplification factors (BAF).
An unauthenticated remote attacker may leverage the vulnerable NTP server to conduct a distributed reflective denial-of-service (DRDoS) attack on another user.
Apply an Update
Check if the amplified responses are enabled
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Cisco Systems, Inc.||Affected||17 Sep 2013||17 Sep 2013|
|Hewlett-Packard Company||Affected||-||14 Jan 2014|
|Meinberg Funkuhren GmbH & Co. KG||Affected||07 Oct 2013||14 Jan 2014|
|NEC Corporation||Affected||-||26 Mar 2014|
|Network Time Protocol||Affected||16 Sep 2013||17 Sep 2013|
|Juniper Networks, Inc.||Unknown||07 Oct 2013||07 Oct 2013|
CVSS Metrics (Learn More)
Thanks to Christian Rossow for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: CVE-2013-5211
- Date Public: 02 Jan 2014
- Date First Published: 10 Jan 2014
- Date Last Updated: 26 Aug 2014
- Document Revision: 83
If you have feedback, comments, or additional information about this vulnerability, please send us email.