From owner-freebsd-security@FreeBSD.ORG  Thu Jan  9 14:12:22 2014
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 4314E8C2
 for <freebsd-security@freebsd.org>; Thu,  9 Jan 2014 14:12:22 +0000 (UTC)
Received: from melon.pingpong.net (melon.pingpong.net [79.136.116.200])
 by mx1.freebsd.org (Postfix) with ESMTP id 010DB1813
 for <freebsd-security@freebsd.org>; Thu,  9 Jan 2014 14:12:21 +0000 (UTC)
Received: from [10.0.0.167] (citron2.pingpong.net [195.178.173.68])
 (using TLSv1 with cipher AES128-SHA (128/128 bits))
 (No client certificate requested)
 by melon.pingpong.net (Postfix) with ESMTPSA id 48E1332163;
 Thu,  9 Jan 2014 15:12:20 +0100 (CET)
Content-Type: multipart/signed;
 boundary="Apple-Mail=_72276C91-126B-4117-B38D-102D6A7876C7";
 protocol="application/pgp-signature"; micalg=pgp-sha1
Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\))
Subject: Re: NTP security hole CVE-2013-5211?
From: Palle Girgensohn <girgen@FreeBSD.org>
In-Reply-To: <52CEAD69.6090000@grosbein.net>
Date: Thu, 9 Jan 2014 15:12:19 +0100
Message-Id: <81785015-5083-451C-AC0B-4333CE766618@FreeBSD.org>
References: <B0F3AA0A-2D23-424B-8A79-817CD2EBB277@FreeBSD.org>
 <52CEAD69.6090000@grosbein.net>
To: Eugene Grosbein <eugen@grosbein.net>
X-Mailer: Apple Mail (2.1827)
X-Mailman-Approved-At: Thu, 09 Jan 2014 14:28:20 +0000
Cc: freebsd-security@freebsd.org
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Jan 2014 14:12:22 -0000


--Apple-Mail=_72276C91-126B-4117-B38D-102D6A7876C7
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=us-ascii


9 jan 2014 kl. 15:08 skrev Eugene Grosbein <eugen@grosbein.net>:

> On 09.01.2014 19:38, Palle Girgensohn wrote:
>> They recommend at least 4.2.7. Any thoughts about this?
> 
> Other than updating ntpd, you can filter out requests to 'monlist' command
> with 'restrict ... noquery' option that disables some queries for
> the internal ntpd status, including 'monlist'.
> 
> See http://support.ntp.org/bin/view/Support/AccessRestrictions for details.

Yes. But shouldn't there be a security advisory for FreeBSD specifically?


--Apple-Mail=_72276C91-126B-4117-B38D-102D6A7876C7
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQEcBAEBAgAGBQJSzq5DAAoJEIhV+7FrxBJDRz4H/1zm3zUNJ1gqBoWPg+s/BcMs
N2fxza4iqjsVL/1RMctTlotXkasnS5UR+yJi13L85tfMLK4W7n5n/7/PsybDDcJO
Vs8F0OkUChZ4PhXzi/UHACIjhzzCq7YcuFcwdFYixvxrt7hD0/xTRzPKijT+WfFI
Anus7Sx1J1kHkmPXOEkafPQUeLZHMvhbzEXL9rR2sn7uTN6dEtFpArFP3yGGRNlt
en/EBSrkQHD4yIeNbpLcTTLwCYS8pi+ucKnGzggTONk4h2PkYko1ZpybCFAEDlo8
DZDqtbVbUuYQBe2CCoWamwYUKzn4ykP9L3K9lsBcDIUhg/PdLn8Eia4Ns0qyTBA=
=qwhC
-----END PGP SIGNATURE-----

--Apple-Mail=_72276C91-126B-4117-B38D-102D6A7876C7--