From owner-freebsd-security@FreeBSD.ORG  Tue Dec 23 00:26:13 2014
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 1253A158
 for <freebsd-security@freebsd.org>; Tue, 23 Dec 2014 00:26:13 +0000 (UTC)
Received: from neoshoggoth.uraeus.com (neoshoggoth.uraeus.com [208.72.84.117])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
 bits))
 (Client CN "mail-relay.uraeus.com", Issuer "URAEUS" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id D8A273CB5
 for <freebsd-security@freebsd.org>; Tue, 23 Dec 2014 00:26:12 +0000 (UTC)
Received: from neoshoggoth.uraeus.com (localhost [127.0.0.1])
 by neoshoggoth.uraeus.com (Postfix) with ESMTP id BA056109BE0D;
 Tue, 23 Dec 2014 00:17:22 +0000 (UTC)
X-Amavis-Alert: BAD HEADER SECTION, Non-encoded 8-bit data (char C3 hex): Cc:
 Dag-Erling Sm\303\270rgrav <des@des[...]
Received: from neoshoggoth.uraeus.com ([127.0.0.1])
 by neoshoggoth.uraeus.com (neoshoggoth.uraeus.com [127.0.0.1]) (amavisd-new,
 port 10024)
 with LMTP id MLPUlOG4b6OJ; Tue, 23 Dec 2014 00:17:21 +0000 (UTC)
Received: by neoshoggoth.uraeus.com (Postfix, from userid 1013)
 id E7EA5109BE0C; Tue, 23 Dec 2014 00:17:20 +0000 (UTC)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <21656.46224.764659.252388@neoshoggoth.uraeus.com>
Date: Tue, 23 Dec 2014 00:17:20 +0000
From: Joe Malcolm <jmalcolm@uraeus.com>
To: Robert Simmons <rsimmons0@gmail.com>
Subject: Re: ntpd vulnerabilities
In-Reply-To: <CA+QLa9Du5dZbF-FzEX6Z5cA4m=rTo+ZiEgzuKN5f8xquVExwXg@mail.gmail.com>
References: <252350272.1812596.1419241828431.JavaMail.zimbra@cleverbridge.com>
 <86a92fzmls.fsf@nine.des.no>
 <CA+QLa9Du5dZbF-FzEX6Z5cA4m=rTo+ZiEgzuKN5f8xquVExwXg@mail.gmail.com>
X-Mailer: VM 8.1.1 under 21.4 (patch 22) "Instant Classic" XEmacs Lucid
 (amd64--freebsd)
Cc: Dag-Erling Smørgrav <des@des.no>, Winfried Neessen <neessen@cleverbridge.com>, freebsd-security@freebsd.org
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Dec 2014 00:26:13 -0000

As a practical matter, is the default config vulnerable to the buffer
overflow issues?

The announcement:

http://lists.ntp.org/pipermail/announce/2014-December/000122.html

says that "restrict ... noquery" is sufficient mitigation for the 3
buffer overflow issues. I'm no expert on ntp.conf, but this appears in
my ntp.conf on one of my FreeBSD systems:

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

However, it also has these:

restrict 127.0.0.1
restrict -6 ::1
restrict 127.127.1.0

Joe