ntpd vulnerabilities

Dag-Erling Smørgrav des at des.no
Mon Dec 22 16:16:26 UTC 2014


Winfried Neessen <neessen at cleverbridge.com> writes:
> there has been a security advisory for several vulnerabilities in ntpd. Is FreeBSD 
> affected by this? According to http://www.kb.cert.org/vuls/id/852879 OpenBSD is 
> not affected, but I guess that's due to the fact, that they have OpenNTPd. The 
> status for FreeBSD on that page is still "unknown". 

Yes, FreeBSD is vulnerable, and we have informed CERT of that fact, so I
don't know why they have us down as "unknown".  We are preparing an
advisory for tomorrow.  As was the case with BIND, this takes more work
than for many other operating systems since we maintain older versions
in older branches; for instance, 8.4 has 4.2.4.

DES
-- 
Dag-Erling Smørgrav - des at des.no


More information about the freebsd-security mailing list