Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2013-5211 PoC — NTP monlist功能输入验证错误漏洞

Source
https://github.com/0xhav0c/CVE-2013-5211
Associated Vulnerability
Title:NTP monlist功能输入验证错误漏洞 (CVE-2013-5211)
Description:ntpd(Network Time Protocol daemon)是一个操作系统守护进程,它使用网络时间协议(NTP)与时间服务器的系统时间保持同步。 NTP 4.2.7p26之前的版本中的ntpd守护进程中的ntp_request.c文件中的monlist功能中存在输入验证漏洞。远程攻击者可通过伪造REQ_MON_GETLIST或REQ_MON_GETLIST_1请求利用该漏洞造成拒绝服务。
Readme
# CVE-2013-5211 PoC
## Network Time Protocol Daemon (ntpd) monlist Command Enabled DoS

This Python script is used to detect CVE-2013-5211, a vulnerability found in NTP (Network Time Protocol) servers. Using the ntpd monlist command, this vulnerability could allow an attacker to send a series of UDP packets to the server, consuming the server's resources.

The script sends a UDP packet to a user-specified NTP server and waits for a response from the server. If the server responds, the script indicates that it has the CVE-2013-5211 vulnerability. Otherwise, it is indicated that the server does not have this vulnerability.

```console
python3 CVE-2013-5211.py 192.168.x.x
```
File Snapshot

 [4.0K]  /data/pocs/c1d1cb870cbc3d344fda3856e877204ef40fb4c3
├── [1.3K]  CVE-2013-5211.py
├── [ 34K]  LICENSE
└── [ 682]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.