Overview
Security scans might identify the NTP "monlist" feature denial of service vulnerability. The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source. The monlist feature in ntp_request.c in ntpd in NTP allows remote attackers to cause a denial of service (traffic amplification) via forged REQ_MON_GETLIST or REQ_MON_GETLIST_1 requests.
Affected Software: NTP prior to Version 4.2.7p26
This issue allows an attacker to use the server in reflected, amplified distributed denial of service (DDoS) attacks against third parties.
Solution
Red Hat ships its own build of ntp rather than the upstream ntp.org release, so the package version should not be compared directly with the upstream fixed version. The latest version of NTP available with RHEL 7.9 is ntp-4.2.6p5-29.el7_8.2.x86_64.
As a workaround for this vulnerability, follow these steps:
- Run the following command and take note of the output:
ntpdc -n -c monlist <ntpserver>
- As root, execute:
vi /etc/ntp.conf
- Add the following lines to the file:
disable monitor
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
- Save the file and quit vi (:wq!).
- Restart ntpd:
systemctl restart ntpd
- Run the following command again and check the output:
ntpdc -n -c monlist <ntpserver>
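The workaround above is applied by hand, so it helps to have a repeatable check that the configuration actually carries all three mitigation lines before and after the restart. The following POSIX shell script is an added example, not part of the original article: it normalises an ntp.conf (comments stripped, whitespace squeezed) and reports whether "disable monitor" and the noquery restriction on both the IPv4 and IPv6 default policies are present. The two sample configurations it writes to temporary files are constructed for the demonstration; the live test remains the ntpdc monlist command from the procedure.

```shell
#!/bin/sh
# Added example (not from the original article): audit an ntp.conf for the
# monlist mitigation described above, namely a "disable monitor" directive
# plus "noquery" on the IPv4 and IPv6 "restrict default" lines.

# Normalise a config file: drop comments, squeeze whitespace, trim line ends,
# delete blank lines. Output is one directive per line.
ntp_conf_normalise() {
    sed -e 's/#.*$//' \
        -e 's/[[:space:]]\{1,\}/ /g' \
        -e 's/^ //' -e 's/ $//' \
        -e '/^$/d' "$1"
}

# Usage: ntp_conf_is_hardened /path/to/ntp.conf
# Prints each missing directive; returns 0 if all are present, 1 otherwise.
ntp_conf_is_hardened() {
    body=$(ntp_conf_normalise "$1")
    rc=0
    # "disable" accepts several flags on one line; "monitor" may be any of them.
    if ! printf '%s\n' "$body" | grep -Eq '^disable( [a-z]+)* monitor( [a-z]+)*$'; then
        echo "missing: disable monitor"; rc=1
    fi
    # The IPv4 default policy must carry noquery (mode 6/7 queries refused).
    if ! printf '%s\n' "$body" | grep -Eq '^restrict (-4 )?default( [a-z]+)* noquery( [a-z]+)*$'; then
        echo "missing: restrict default ... noquery"; rc=1
    fi
    # Same requirement for the IPv6 default policy.
    if ! printf '%s\n' "$body" | grep -Eq '^restrict -6 default( [a-z]+)* noquery( [a-z]+)*$'; then
        echo "missing: restrict -6 default ... noquery"; rc=1
    fi
    return $rc
}

# Constructed sample configurations for the demonstration (not real hosts).
# Usage: make_sample_conf weak|hardened  -> prints the temp file path
make_sample_conf() {
    f=$(mktemp) || return 1
    case "$1" in
        weak)
            # Stock-style config: monitor left enabled, queries still allowed.
            cat > "$f" <<'EOF'
driftfile /var/lib/ntp/drift
restrict default nomodify notrap
restrict -6 default nomodify notrap
restrict 127.0.0.1
server ntp.example.com iburst
EOF
            ;;
        hardened)
            # Same config with the workaround lines from the procedure applied.
            cat > "$f" <<'EOF'
driftfile /var/lib/ntp/drift
disable monitor
restrict default kod nomodify notrap nopeer noquery   # monlist mitigation
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
server ntp.example.com iburst
EOF
            ;;
        *)
            echo "unknown sample kind: $1" >&2; return 1
            ;;
    esac
    printf '%s\n' "$f"
}

# Demonstration: audit both constructed configs.
for kind in weak hardened; do
    conf=$(make_sample_conf "$kind")
    if ntp_conf_is_hardened "$conf"; then
        echo "$kind config: monlist mitigation present"
    else
        echo "$kind config: NOT hardened"
    fi
    rm -f "$conf"
done
```

To audit the real file, run ntp_conf_is_hardened /etc/ntp.conf after saving your edits and before restarting ntpd; a non-zero exit names the directive that is still missing. Note that the check only validates the configuration file, so the ntpdc monlist query in the procedure is still needed to confirm the running daemon no longer answers.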