From owner-freebsd-security Wed Apr 4 17:14:50 2001 Delivered-To: freebsd-security@freebsd.org Received: from lariat.org (lariat.org [12.23.109.2]) by hub.freebsd.org (Postfix) with ESMTP id 3034037B446 for ; Wed, 4 Apr 2001 17:14:48 -0700 (PDT) (envelope-from brett@lariat.org) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id SAA10418; Wed, 4 Apr 2001 18:14:42 -0600 (MDT) Message-Id: <4.3.2.7.2.20010404181106.044485d0@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Wed, 04 Apr 2001 18:14:37 -0600 To: Michael Bryan , freebsd-security@FreeBSD.ORG From: Brett Glass Subject: Re: Fwd: ntpd =< 4.0.99k remote buffer overflow In-Reply-To: <3ACBB263.2804E9C2@ursine.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Workaround: Use /usr/sbin/ntpdate -s time.nist.gov (or pick your favorite server) periodically from /etc/crontab. (Once a day, at an odd hour and minute of the morning, is sufficient for most machines.) This is what we have always done. It reduces overhead because there isn't a daemon constantly running. --Brett At 05:46 PM 4/4/2001, Michael Bryan wrote: >Heads up. This just came across BugTraq, will likely affect FreeBSD. >As of 4.2-RELEASE, the ntpd that ships with FreeBSD is 4.0.99b. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message