CVSS 3 Base Score: Posted On: November 24, 2015Assessed Risk Level: Low Previous versions of the puppetlabs-ntp module did not default to using 'disable monitor', which is one of the two configurations required to fully mitigate CVE-2013-5211. The module by default would set 'noquery' for all remote hosts, but the system would still be vulnerable to local attacks. With the puppetlabs-ntp 4.1.1 release, the default value for the 'disable_monitor' parameter is set to 'true' for all platforms. No action is required unless you are manually setting 'disable_monitor' to false or you need monitoring enabled in your environment. Status:Affected software versions:puppetlabs-ntp 4.1.0 and earlierResolved in:puppetlabs-ntp 4.1.1← Back to CVE Listings
