This article provides information on the DDoS amplification attack described in CVE-2013-5211, and its effect on VMware products.
Note: The mitigation information presented in this article was published earlier in Timekeeping best practices for Linux guests (1006427).
Symptoms:
The NTP Distributed Denial of Service (DDoS) amplification attack described in CVE-2013-5211 may affect ESX/ESXi and the vCenter Server Appliance (VCSA):
- ESX 4.x: The NTP service itself is affected, but it must be manually enabled and the default firewall configuration must be modified for the host to be vulnerable.
- ESXi 4.x: The NTP service itself is affected, but it must be manually enabled.
- ESXi 5.x: The NTP service itself is affected, but it must be manually enabled and the default firewall configuration must be modified for the host to be vulnerable.
- VCSA 5.x: The NTP service itself is affected, but only if the appliance is manually configured to use NTP for time synchronization and not Active Directory.
Customers are advised to implement the mitigation or remediation documented in the Resolution section of this article.
Note: VMware strongly advises against deploying ESX, ESXi, or the VCSA directly on the public internet.