Date:      Thu, 09 Jan 2014 21:18:56 -0800
From:      Xin Li <delphij@delphij.net>
To:        Palle Girgensohn <girgen@FreeBSD.org>,  Eugene Grosbein <eugen@grosbein.net>
Cc:        freebsd-security@freebsd.org
Subject:   Re: NTP security hole CVE-2013-5211?
Message-ID:  <52CF82C0.9040708@delphij.net>
In-Reply-To: <81785015-5083-451C-AC0B-4333CE766618@FreeBSD.org>
References:  <B0F3AA0A-2D23-424B-8A79-817CD2EBB277@FreeBSD.org> <52CEAD69.6090000@grosbein.net> <81785015-5083-451C-AC0B-4333CE766618@FreeBSD.org>

On 1/9/14, 6:12 AM, Palle Girgensohn wrote:
> 
> On 9 Jan 2014, at 15:08, Eugene Grosbein <eugen@grosbein.net> wrote:
> 
>> On 09.01.2014 19:38, Palle Girgensohn wrote:
>>> They recommend at least 4.2.7. Any thoughts about this?
>> 
>> Other than updating ntpd, you can filter out requests to
>> 'monlist' command with 'restrict ... noquery' option that
>> disables some queries for the internal ntpd status, including
>> 'monlist'.
>> 
>> See http://support.ntp.org/bin/view/Support/AccessRestrictions
>> for details.
> 
> Yes. But shouldn't there be a security advisory for FreeBSD
> specifically?

We will have an advisory next week.  If an NTP server is properly
configured, it's likely that it is not affected (the old FreeBSD
default is a little bit vague on how to properly configure the daemon,
though; the new default on -CURRENT and supported -STABLE branches
should be sufficient to provide protection).

Cheers,

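
An added example, not part of the original message or of FreeBSD's own tooling: a small Python check for the 'restrict ... noquery' mitigation quoted above, reporting default restrict lines in ntp.conf text that still allow status queries such as 'monlist'. The sample configurations are constructed and the function names are hypothetical.

```python
"""Audit ntp.conf text for default 'restrict' lines that still permit status queries."""

# 'noquery' denies ntpq/ntpdc queries; 'ignore' denies all packets, queries included.
QUERY_BLOCKING = {"noquery", "ignore"}

# Constructed sample configurations (not taken from any real host).
WEAK = "server ntp.example.org iburst\nrestrict 127.0.0.1\n"
PARTIAL = ("restrict default nomodify notrap  # queries still answered\n"
           "restrict -6 default kod nomodify notrap nopeer noquery\n")
HARDENED = ("restrict default kod nomodify notrap nopeer noquery\n"
            "restrict -6 default kod nomodify notrap nopeer noquery\n"
            "restrict 127.0.0.1\n"
            "restrict -6 ::1\n")


def default_restrict_lines(conf_text):
    """Yield (line_no, family, flags) for each 'restrict default' line.

    family is '-4', '-6' or None when the line names no address family.
    Entries written as an explicit all-zero address and mask are not handled.
    """
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(tokens) < 2 or tokens[0] != "restrict":
            continue
        args = tokens[1:]
        family = None
        if args[0] in ("-4", "-6"):
            family, args = args[0], args[1:]
        if args and args[0] == "default":
            yield line_no, family, set(args[1:])


def audit(conf_text):
    """Return findings; an empty list means every default entry blocks queries."""
    findings, seen = [], False
    for line_no, family, flags in default_restrict_lines(conf_text):
        seen = True
        if not flags & QUERY_BLOCKING:
            label = f"restrict {family} default" if family else "restrict default"
            findings.append(f"line {line_no}: '{label}' lacks noquery")
    if not seen:
        # With no default entry configured, ntpd applies no restrictions by default.
        findings.append("no 'restrict default' line: queries are not restricted by default")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("partial", PARTIAL), ("hardened", HARDENED)):
        print(name, audit(conf) or "ok")
```
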
