Date: Thu, 19 Apr 2001 19:58:13 -0400 From: Chris Faulhaber <jedgar@fxp.org> To: "Philip J. Koenig" <pjklist@ekahuna.com> Cc: FreeBSD Security List <security@freebsd.org> Subject: Re: ntpd version not updated? Message-ID: <20010419195813.A79537@peitho.fxp.org> In-Reply-To: <3ADF1308.3067.BD4A84@localhost>; from pjklist@ekahuna.com on Thu, Apr 19, 2001 at 04:32:08PM -0700 References: <3ADF1308.3067.BD4A84@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Thu, Apr 19, 2001 at 04:32:08PM -0700, Philip J. Koenig wrote: > Re: the recent security advisory on ntpd. It says in part that versions of ntpd > prior to "ntp-4.0.99k_2" are vulnerable, and that 4.2 STABLE as of 4/6 was > corrected. > > I just CVSup'd 4.2-STABLE (RELENG_4) as of 4/15, did make world etc., and > based on the "version" command in ntpq and ntpdc, and the syslog message, > I'm still running version 4.0.99b. Here's the syslog message: > > Apr 19 16:14:56 server ntpd[168]: ntpd 4.0.99b Sun Apr 15 09:10:45 PDT 2001 (1) > > > Is there something I'm missing here? > If you are using ntpd in the base system and you updated your system after 4/6, you are not vulnerable. If you are using ntpd from the ports system, ensure that it's version is ntp-4.0.99k_2 or greater. The following command should display the version of the port you have installed: # pkg_version | grep ntp -- Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: FreeBSD: The Power To Serve iEYEARECAAYFAjrfe5UACgkQObaG4P6BelBXSACgg8eloV2CP4BQaHgP08W5tFnO XIAAn1goz/Uy7RaUGHHwEQ/RXFh0C7d5 =qQXw -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010419195813.A79537>