Errata overview
Errata ID 20
Date 2014-01-15
Source package univention-base-files
Fixed in version 3.0.4-3.154.201401101122
NTP servers reachable from the internet that respond to the "monlist" query can be used 
to facilitate distributed denial of service attacks (CVE-2013-5211). This update adds the
UCR variable "ntp/noquery" which can be set to "true" to disable most queries including
the "monlist" function and thus mitigates this issue. The regular time service of NTP
will continue to serve time updates independant of the value of the variable.
After setting the variable the NTP service needs to be restarted in the "System services" 
module of the Univention Management Console or with the command "/etc/init.d/ntp restart".
It is recommended to set this variable on UCS systems that exposes the NTP service 
to the internet.
Additional notes
CVE ID CVE-2013-5211