Mark net/ntp forbidden.

Security:	CVE-2013-5211 / VU#348126

1 files changed, 39 insertions, 0 deletions

diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 60dfc95a4bf4..ef75e4bb87b9 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -51,6 +51,45 @@ Note:  Please add new entries to the beginning of this file.
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="3d95c9a7-7d5c-11e3-a8c1-206a8a720317">
+    <topic>ntpd DRDoS / Amplification Attack using ntpdc monlist command </topic>
+    <affects>
+      <package>
+	<name>ntp</name>
+	<range><lt>4.2.7p26</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>ntp.org reports:</p>
+	<blockquote cite="http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using">
+	  <ul>
+	    <li> References: CVE-2013-5211 / VU#348126
+	    <li>Versions: All releases prior to 4.2.7p26
+	    <li>Date Resolved: 2010/04/24
+	    <li>Summary: Unrestricted access to the monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013 
+	    <li>Mitigation:
+	      <ul>
+		<li>Upgrade to 4.2.7p26 or later.
+		<li>Users of versions before 4.2.7p26 should either:
+		  <ul>
+		    <li>Use noquery to your default restrictions to block all status queries.
+		    <li>Use disable monitor to disable the ntpdc -c monlist command while still allowing other status queries. 
+		  </ul>
+	     </ul>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-5211</cvename>
+    </references>
+    <dates>
+      <discovery>2014-01-01</discovery>
+      <entry>2014-01-14</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="ba04a373-7d20-11e3-8992-00132034b086">
     <topic>nagios -- denial of service vulnerability</topic>
     <affects>