Site Navigation

Date:      Fri, 14 Mar 2014 22:34:40 -0700
From:      Xin Li <delphij@delphij.net>
To:        Brett Glass <brett@lariat.org>, d@delphij.net,  Fabian Wenk <fabian@wenks.ch>, freebsd-security@freebsd.org
Cc:        Ollivier Robert <roberto@freebsd.org>, hackers@lists.ntp.org
Subject:   Re: NTP security hole CVE-2013-5211?
Message-ID:  <5323E670.5020905@delphij.net>
In-Reply-To: <201403150343.VAA27172@mail.lariat.net>
References:  <B0F3AA0A-2D23-424B-8A79-817CD2EBB277@FreeBSD.org> <52CEAD69.6090000@grosbein.net> <81785015-5083-451C-AC0B-4333CE766618@FreeBSD.org> <52CF82C0.9040708@delphij.net> <CAO82ECEsS-rKq7A-9w7VuxKpe_c_f=tvZQoRKgHEfi-yPdNeGQ@mail.gmail.com> <86d2jud85v.fsf@nine.des.no> <52D7A944.70604@wenks.ch> <201403141700.LAA21140@mail.lariat.net> <5323AF47.9080107@delphij.net> <201403150343.VAA27172@mail.lariat.net>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 3/14/14, 8:43 PM, Brett Glass wrote:
> At 07:39 PM 3/14/2014, Xin Li wrote:
> 
>> FreeBSD 10.0-RELEASE ships with new default NTP settings, are
>> you talking an earlier RC (before RC4 as r259975), or are you
>> saying 10.0-RELEASE ships with a ntp.conf with wrong defaults?
> 
> The latter. The ntp.conf shipped with 10.0-RELEASE still allows 
> relaying of attacks, even with an ntpd that is patched to prevent 
> amplification.

I can't reproduce with fresh install.  How did you tested it (or what
is missing in the default ntp.conf), can you elaborate?

Cheers,

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJTI+ZvAAoJEJW2GBstM+ns18UP/031jrsOBWNewc/WbvpxbE0I
KxY1p07drvzE1ftYfwZ7Wi8F9U+f4/qJ1ufCU4DfD3GUUxUm4K3YyKRqBxTCHP+g
4N5FBwS1iKVK9DP1NvBOhLQT2l3X3gHgvi8ICa4MPi/OOTSQx8rlAnPAs2Mq2JS0
FlrTYjHoWpQvT7+46m7Yvz/nqtHOHScrGvbebVB/l8iuDdbtrCJutoHUTPtPH4IP
8Rqx9pMKRBiQ5jFWGQsSqTpveHFXw7d58hjOOQrWSUiz6U+ZinVtbZucpkFFs2WG
QZbgNKkeF2rqXvbP/+EPtaTbJ+fQJnrU9c5kNDmZPmDfp2C2qxq6vvZWZcEcE96w
D5GzGU64cc1RkqxS2T0NqUDbBWDM+hF1Smxxy1zMo+JDNz3rtouvuXQrQi1U5KRl
JUMpbRDI1QOZFlmz/ps0wyq5lDYUFNlOlwDAj1vXFsIw9kROMfZmIQ0M35gnWIEv
AyR6RmxPcbpRqouil1lmzDhfNY2z6HG0W5XKQGRULZWB+6dSX05VSXUR7sQiJFiu
7izQ3BdFcG9aL85m/toH8c1qPu/UoZ9rAQ6+gnSNT0eoPXy7bWnciSvlNg9GfpC/
a9XwixLCggI4fV+T+yzFbzUe2PzSBEwx4k1/XO3VDLtY/NUTmiZsIZYySelvkOWq
1CySClbtRbT+AtlDdCfQ
=6zOm
-----END PGP SIGNATURE-----

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5323E670.5020905>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact