NTP security hole CVE-2013-5211?
Xin Li
delphij at delphij.net
Fri Jan 10 05:18:58 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 1/9/14, 6:12 AM, Palle Girgensohn wrote:
>
> 9 jan 2014 kl. 15:08 skrev Eugene Grosbein <eugen at grosbein.net>:
>
>> On 09.01.2014 19:38, Palle Girgensohn wrote:
>>> They recommend at least 4.2.7. Any thoughts about this?
>>
>> Other than updating ntpd, you can filter out requests to
>> 'monlist' command with 'restrict ... noquery' option that
>> disables some queries for the internal ntpd status, including
>> 'monlist'.
>>
>> See http://support.ntp.org/bin/view/Support/AccessRestrictions
>> for details.
>
> Yes. But shouldn't there be a security advisory for FreeBSD
> specifically?
We will have an advisory next week. If a NTP server is properly
configured, it's likely that they are not affected (the old FreeBSD
default is a little bit vague on how to properly configure the daemon,
though; the new default on -CURRENT and supported -STABLE branches
should be sufficient to provide protection).
Cheers,
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJSz4K/AAoJEJW2GBstM+nsoUAQAIR/IQrDnVlWYyQfRdL8dUQV
fuR0FSyE84rcaHR8GJ9D5ApWbB1GrO61VE+NkMp7wBhZ1UmSseMX8J63aXz7gEna
O7Lgsigjt0CloQk5A+uoiSuKxuicy3OaO5m9dYEb9/hIt2QgLzuWJEFxYYxtzNqp
16ndCq9BXRIjqiYjcH1rTqKmHvnOGDGLNDpArVDEkqToHur72d051xDUPHBUJzir
FMkuIroiucLd5fHp90L7ZkDl/g2xOFEqd6U9XIExusCDPYzA/KYZNFnEegPpAuuD
GXQ6wSDIVZzqgjuzERgw8ElaQ50NUvr4FWLTV6HV7aa+Ut5UF4CeFoBYf2xO1uUu
FravU2uoiOVqjir1UtNEY1yP3fXceegkT8T+4e+oCTUslSBVXsiES8iSfHQib0eK
wMSwelFCflfrLwiq97GjetBS66EUn00y/U3M3RUjlx4e0FIycLi5ZYy4XMkJlM2a
jXE63iynfk9N02tO3/K1a8Yrp7mIYY3drn43BOJeXL72QMumFxi81aO4NQdrBTMw
X49unE6bK4RZ5Ao4SdAWP/2vJfFnYLamc3cr1fvZ14XEyEXuVygmojoPPRdYkuj7
2OfMUv2m1BUUR8P4XIe6GN3UIY+kgK+JxddCU1WmLV8lYNloP0hQD62jtrB6J4A4
OzC38C6p+35khP0bZLhO
=wpEM
-----END PGP SIGNATURE-----
More information about the freebsd-security
mailing list