NTP security hole CVE-2013-5211?

[Xin Li]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 3/14/14, 8:43 PM, Brett Glass wrote:
> At 07:39 PM 3/14/2014, Xin Li wrote:
> 
>> FreeBSD 10.0-RELEASE ships with new default NTP settings, are
>> you talking an earlier RC (before RC4 as r259975), or are you
>> saying 10.0-RELEASE ships with a ntp.conf with wrong defaults?
> 
> The latter. The ntp.conf shipped with 10.0-RELEASE still allows 
> relaying of attacks, even with an ntpd that is patched to prevent 
> amplification.

I can't reproduce with fresh install.  How did you tested it (or what
is missing in the default ntp.conf), can you elaborate?

Cheers,

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJTI+ZvAAoJEJW2GBstM+ns18UP/031jrsOBWNewc/WbvpxbE0I
KxY1p07drvzE1ftYfwZ7Wi8F9U+f4/qJ1ufCU4DfD3GUUxUm4K3YyKRqBxTCHP+g
4N5FBwS1iKVK9DP1NvBOhLQT2l3X3gHgvi8ICa4MPi/OOTSQx8rlAnPAs2Mq2JS0
FlrTYjHoWpQvT7+46m7Yvz/nqtHOHScrGvbebVB/l8iuDdbtrCJutoHUTPtPH4IP
8Rqx9pMKRBiQ5jFWGQsSqTpveHFXw7d58hjOOQrWSUiz6U+ZinVtbZucpkFFs2WG
QZbgNKkeF2rqXvbP/+EPtaTbJ+fQJnrU9c5kNDmZPmDfp2C2qxq6vvZWZcEcE96w
D5GzGU64cc1RkqxS2T0NqUDbBWDM+hF1Smxxy1zMo+JDNz3rtouvuXQrQi1U5KRl
JUMpbRDI1QOZFlmz/ps0wyq5lDYUFNlOlwDAj1vXFsIw9kROMfZmIQ0M35gnWIEv
AyR6RmxPcbpRqouil1lmzDhfNY2z6HG0W5XKQGRULZWB+6dSX05VSXUR7sQiJFiu
7izQ3BdFcG9aL85m/toH8c1qPu/UoZ9rAQ6+gnSNT0eoPXy7bWnciSvlNg9GfpC/
a9XwixLCggI4fV+T+yzFbzUe2PzSBEwx4k1/XO3VDLtY/NUTmiZsIZYySelvkOWq
1CySClbtRbT+AtlDdCfQ
=6zOm
-----END PGP SIGNATURE-----