From owner-freebsd-security@FreeBSD.ORG Tue Jan 14 13:06:57 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 34635F2F; Tue, 14 Jan 2014 13:06:57 +0000 (UTC) Received: from smtp.des.no (smtp.des.no [194.63.250.102]) by mx1.freebsd.org (Postfix) with ESMTP id E514912C5; Tue, 14 Jan 2014 13:06:56 +0000 (UTC) Received: from nine.des.no (smtp.des.no [194.63.250.102]) by smtp-int.des.no (Postfix) with ESMTP id BAB077559; Tue, 14 Jan 2014 13:06:55 +0000 (UTC) Received: by nine.des.no (Postfix, from userid 1001) id 765BB34207; Tue, 14 Jan 2014 14:06:52 +0100 (CET) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: Cristiano Deana Subject: Re: NTP security hole CVE-2013-5211? References: <52CEAD69.6090000@grosbein.net> <81785015-5083-451C-AC0B-4333CE766618@FreeBSD.org> <52CF82C0.9040708@delphij.net> Date: Tue, 14 Jan 2014 14:06:52 +0100 In-Reply-To: (Cristiano Deana's message of "Mon, 13 Jan 2014 11:08:46 +0100") Message-ID: <86d2jud85v.fsf@nine.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-security@freebsd.org, Palle Girgensohn , Xin LI X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2014 13:06:57 -0000 Cristiano Deana writes: > I tried several workaround with config and policy, and ended up you MUST > have 4.2.7 to stop these kind of attacks. Doesn't "restrict noquery" block monlist in 4.2.6? DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no