Date: Mon, 22 Dec 2014 18:46:52 -0500 From: Robert Simmons <rsimmons0@gmail.com> To: =?UTF-8?Q?Dag=2DErling_Sm=C3=B8rgrav?= <des@des.no> Cc: freebsd-security@freebsd.org, Winfried Neessen <neessen@cleverbridge.com> Subject: Re: ntpd vulnerabilities Message-ID: <CA%2BQLa9Du5dZbF-FzEX6Z5cA4m=rTo%2BZiEgzuKN5f8xquVExwXg@mail.gmail.com> In-Reply-To: <86a92fzmls.fsf@nine.des.no> References: <252350272.1812596.1419241828431.JavaMail.zimbra@cleverbridge.com> <86a92fzmls.fsf@nine.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Dec 22, 2014 at 11:16 AM, Dag-Erling Sm=C3=B8rgrav <des@des.no> wro= te: > Yes, FreeBSD is vulnerable, and we have informed CERT of that fact, so I > don't know why they have us down as "unknown". We are preparing an > advisory for tomorrow. As was the case with BIND, this takes more work > than for many other operating systems since we maintain older versions > in older branches; for instance, 8.4 has 4.2.4. It looks like all supported FreeBSD versions use 4.2.4. At least CURRENT and 10.1 report that as the version: Dec 22 23:35:56 ntpd[660]: ntpd 4.2.4p5-a (1) Will 4.2.8 be pulled into CURRENT eventually, or is the plan to replace it entirely with ntimed?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BQLa9Du5dZbF-FzEX6Z5cA4m=rTo%2BZiEgzuKN5f8xquVExwXg>