Date: Tue, 23 Dec 2014 00:17:20 +0000 From: Joe Malcolm <jmalcolm@uraeus.com> To: Robert Simmons <rsimmons0@gmail.com> Cc: Dag-Erling Smørgrav <des@des.no>, Winfried Neessen <neessen@cleverbridge.com>, freebsd-security@freebsd.org Subject: Re: ntpd vulnerabilities Message-ID: <21656.46224.764659.252388@neoshoggoth.uraeus.com> In-Reply-To: <CA%2BQLa9Du5dZbF-FzEX6Z5cA4m=rTo%2BZiEgzuKN5f8xquVExwXg@mail.gmail.com> References: <252350272.1812596.1419241828431.JavaMail.zimbra@cleverbridge.com> <86a92fzmls.fsf@nine.des.no> <CA%2BQLa9Du5dZbF-FzEX6Z5cA4m=rTo%2BZiEgzuKN5f8xquVExwXg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
As a practical matter, is the default config vulnerable to the buffer overflow issues? The announcement: http://lists.ntp.org/pipermail/announce/2014-December/000122.html says that "restrict ... noquery" is sufficient mitigation for the 3 buffer overflow issues. I'm no expert on ntp.conf, but this appears in my ntp.conf on one of my FreeBSD systems: restrict default kod nomodify notrap nopeer noquery restrict -6 default kod nomodify notrap nopeer noquery However, it also has these: restrict 127.0.0.1 restrict -6 ::1 restrict 127.127.1.0 Joe
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?21656.46224.764659.252388>