Date: Mon, 15 Jun 1998 12:49:41 -0700 (PDT) From: Dave Katz <dkatz@juniper.net> To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: misc/6959: Shouldn't allow destructive remote modification of NTP config Message-ID: <199806151949.MAA15823@cirrus.juniper.net>
next in thread | raw e-mail | index | archive | help
>Number: 6959 >Category: misc >Synopsis: Shouldn't allow destructive remote modification of NTP config >Confidential: yes >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Jun 15 12:50:01 PDT 1998 >Last-Modified: >Originator: Dave Katz >Organization: >Release: FreeBSD 2.2.5-STABLE i386 >Environment: >Description: We shouldn't ever allow mode 6 or 7 commands to modify the NTP config; this should be done via the CLI only, as it is Yet Another Security Hole and the changes will be lost anyhow when xntpd restarts. >How-To-Repeat: >Fix: Don't allow request-key or control-key to be configured (remove from the DDL). Ensure that destructive request and control packets are not allowed if the local key is zero (I don't believe this is true for control packets; xntpdc won't send a packet with a nonzero key, but I think xntpd will accept them). >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199806151949.MAA15823>