NTP security hole CVE-2013-5211?
Cristiano Deana
cristiano.deana at gmail.com
Mon Jan 13 10:08:49 UTC 2014
On Fri, Jan 10, 2014 at 6:18 AM, Xin Li <delphij at delphij.net> wrote:
Hi,
We will have an advisory next week. If a NTP server is properly
> configured, it's likely that they are not affected
>
I had this problem in november, and ask to -current to integrate the new
versione of ntpd in base (see my mail "[request] ntp upgrade" 11/27/13
http://lists.freebsd.org/pipermail/freebsd-current/2013-November/046822.html
).
I tried several workaround with config and policy, and ended up you MUST
have 4.2.7 to stop these kind of attacks.
I think it's better to upgrade the version in base AND to write a security
advisory.
Thank you
--
Cris, member of G.U.F.I
Italian FreeBSD User Group
http://www.gufi.org/
More information about the freebsd-security
mailing list