Date: Thu, 19 Apr 2001 17:08:50 -0700 From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> To: Chris Faulhaber <jedgar@fxp.org> Cc: "Philip J. Koenig" <pjklist@ekahuna.com>, FreeBSD Security List <security@FreeBSD.ORG> Subject: Re: ntpd version not updated? Message-ID: <200104200008.f3K08sA07253@cwsys.cwsent.com> In-Reply-To: Your message of "Thu, 19 Apr 2001 19:58:13 EDT." <20010419195813.A79537@peitho.fxp.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20010419195813.A79537@peitho.fxp.org>, Chris Faulhaber writes: > > --jRHKVT23PllUwdXP > Content-Type: text/plain; charset=us-ascii > Content-Disposition: inline > Content-Transfer-Encoding: quoted-printable > > On Thu, Apr 19, 2001 at 04:32:08PM -0700, Philip J. Koenig wrote: > > Re: the recent security advisory on ntpd. It says in part that versions = > of ntpd=20 > > prior to "ntp-4.0.99k_2" are vulnerable, and that 4.2 STABLE as of 4/6 wa= > s=20 > > corrected. > >=20 > > I just CVSup'd 4.2-STABLE (RELENG_4) as of 4/15, did make world etc., and= > =20 > > based on the "version" command in ntpq and ntpdc, and the syslog message,= > =20 > > I'm still running version 4.0.99b. Here's the syslog message: > >=20 > > Apr 19 16:14:56 server ntpd[168]: ntpd 4.0.99b Sun Apr 15 09:10:45 PDT 20= > 01 (1) > >=20 > >=20 > > Is there something I'm missing here? > >=20 > > If you are using ntpd in the base system and you updated your system > after 4/6, you are not vulnerable. > > If you are using ntpd from the ports system, ensure that it's > version is ntp-4.0.99k_2 or greater. The following command should > display the version of the port you have installed: > # pkg_version | grep ntp ntp-4.0.99k23 is the most recent version of ntp. It includes the fix for the recently discovered exploit. -- Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/Alpha Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200104200008.f3K08sA07253>