Release date:
Updated on:
Affected Systems:
F5 ARX Series 6.x
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2013-5211
The F5 ARX series is an intelligent file virtualization solution.
The monlist function of the Network Time Protocol (NTP) implementation used in F5 ARX Series 6.0.0-6.4.0 has a security vulnerability. The monlist function is enabled by default in older NTP versions (earlier than NTP 4.2.7p26); the command is implemented in ntp_request.c in ntpd. It returns the list of the last 600 IP addresses that connected to the NTP server, and a forged request causes that list to be sent to the victim. Attackers can exploit this vulnerability with forged REQ_MON_GETLIST or REQ_MON_GETLIST_1 requests to amplify traffic volume and cause a denial of service (DoS).
<* Source: vendor
Link: http://secunia.com/advisories/57603/
http://www.kb.cert.org/vuls/id/348126
*>
Suggestion:
--------------------------------------------------------------------------------
Temporary solution:
If you cannot install patches or upgrade (http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15154.html) immediately, NSFOCUS recommends that you take the following actions to mitigate threats:
* Check whether amplified responses are enabled.
* Perform egress filtering.
* Disable status queries or restrict access to them.
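To support the first two checks, the following added example (not part of the advisory or of any vendor tooling) classifies captured UDP payloads and reports monlist queries reaching an NTP server and monlist answers leaving one. The 8-byte mode 7 header layout and the request code values 20 and 42 follow ntpd's ntp_request.h; the function names, addresses and datagrams are constructed for illustration.

```python
import struct
from typing import NamedTuple, Optional

MODE_PRIVATE = 7  # NTP mode 7 carries the ntpdc-style private requests
# Request codes named in the advisory, with their values from ntp_request.h
MONLIST_CODES = {20: "REQ_MON_GETLIST", 42: "REQ_MON_GETLIST_1"}


class Monlist(NamedTuple):
    kind: str   # "request" or "response"
    code: str   # symbolic request code
    items: int  # monitor entries carried (0 in a request)
    size: int   # UDP payload length in bytes


def classify(payload: bytes) -> Optional[Monlist]:
    """Return a Monlist record if payload is a mode 7 monlist packet."""
    if len(payload) < 8:  # the mode 7 header is 8 bytes long
        return None
    flags, _, _, req, err_nitems, _ = struct.unpack("!BBBBHH", payload[:8])
    if flags & 0x07 != MODE_PRIVATE or req not in MONLIST_CODES:
        return None
    kind = "response" if flags & 0x80 else "request"  # top bit = response
    return Monlist(kind, MONLIST_CODES[req], err_nitems & 0x0FFF, len(payload))


def audit(datagrams):
    """datagrams: iterable of (src, sport, dst, dport, payload) tuples.
    Yields (src, dst, Monlist) for queries to port 123 and answers from it."""
    for src, sport, dst, dport, payload in datagrams:
        hit = classify(payload)
        if hit and ((hit.kind == "request" and dport == 123)
                    or (hit.kind == "response" and sport == 123)):
            yield src, dst, hit


def hdr(flags, req, nitems=0, itemsize=0):
    """Build a constructed mode 7 header (implementation field fixed at 3)."""
    return struct.pack("!BBBBHH", flags, 0, 3, req, nitems, itemsize)


# Constructed sample datagrams using documentation addresses, not real traffic
SAMPLE = [
    ("198.51.100.7", 40000, "192.0.2.10", 123, hdr(0x17, 42) + bytes(40)),
    ("192.0.2.10", 123, "198.51.100.7", 40000, hdr(0xD7, 42, 6, 72) + bytes(432)),
    ("192.0.2.20", 123, "192.0.2.10", 123, bytes([0x23]) + bytes(47)),  # mode 3
]

if __name__ == "__main__":
    for src, dst, hit in audit(SAMPLE):
        print(f"{src} -> {dst}: {hit.kind} {hit.code} items={hit.items} bytes={hit.size}")
```

A "response" finding with a server inside your own address range as the source means the amplified reply is enabled and is passing the egress filter.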
Vendor patch:
F5
--
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.ntp.org/downloads.html
http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15154.html