Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2952
Views
10
Helpful
1
Replies

NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability

Hermanus Janse van Vuuren
Level 4
Level 4

‎07-05-2016 10:19 AM - edited ‎03-17-2019 07:27 AM

An Vulnerability scan exposed the following on Cisco IM & P ver 9.1.1 

NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability

NTP: DoS in monlist feature of ntpd (CVE-2013-5211) (ntp-monlist-dos-cve-2013-5211)

NTP: Traffic Amplification in listpeers feature of ntpd (ntp-r7-2014-12-listpeers-drdos)

NTP: Traffic Amplification in peers feature of ntpd (ntp-r7-2014-12-peers-drdos)

NTP: Traffic Amplification in CTL_OP_REQ_NONCE feature of ntpd (ntp-r7-2014-12-reqnonce-drdos)

NTP: Information disclosure in reslist feature of ntpd (CVE-2014-5209) (ntp-r7-2014-12-reslist-disclosure)

NTP: Traffic Amplification in reslist feature of ntpd (ntp-r7-2014-12-reslist-drdos)

NTP: Traffic amplification in clrtrap feature of ntpd (ntp-r7-2014-12-unsettrap-drdos)

Any workarounds or fixes for this?

Best Regards
2 people had this problem
Labels:
1 Reply 1

Ryan Huff
Level 4
Level 4

‎07-05-2016 02:38 PM

That particular NTP DoS vulnerability CVE-2013-5211 (amplification attack) is addressed with the ciscocm.ntp_option-v1.11.cop.sgn which can be found in the COP-Files section of https://software.cisco.com/download/release.html?mdfid=284510097&flowid=77894&softwareid=282204704&release=ELM&relind=AVAILABLE&rellifecycle=&reltype=latest

Additionally, the readme to this COP file can be viewed at: http://www.cisco.com/web/software/282204704/18582/ntp_option_readme-Rev2.pdf

Thanks,

Ryan

(.. Please rate helpful posts ..)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents