看板FB_security
标 题Re: NTP security hole CVE-2013-5211?
发信站The FreeBSD Project (Sat Mar 15 06:34:40 2014)
转信站ptt!csnews.cs.nctu!news.cednctu!FreeBSD.cs.nctu!.POSTED!freebsd.org!ow
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 3/14/14, 8:43 PM, Brett Glass wrote:
> At 07:39 PM 3/14/2014, Xin Li wrote:
>
>> FreeBSD 10.0-RELEASE ships with new default NTP settings, are
>> you talking an earlier RC (before RC4 as r259975), or are you
>> saying 10.0-RELEASE ships with a ntp.conf with wrong defaults?
>
> The latter. The ntp.conf shipped with 10.0-RELEASE still allows
> relaying of attacks, even with an ntpd that is patched to prevent
> amplification.
I can't reproduce with fresh install. How did you tested it (or what
is missing in the default ntp.conf), can you elaborate?
Cheers,
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJTI+ZvAAoJEJW2GBstM+ns18UP/031jrsOBWNewc/WbvpxbE0I
KxY1p07drvzE1ftYfwZ7Wi8F9U+f4/qJ1ufCU4DfD3GUUxUm4K3YyKRqBxTCHP+g
4N5FBwS1iKVK9DP1NvBOhLQT2l3X3gHgvi8ICa4MPi/OOTSQx8rlAnPAs2Mq2JS0
FlrTYjHoWpQvT7+46m7Yvz/nqtHOHScrGvbebVB/l8iuDdbtrCJutoHUTPtPH4IP
8Rqx9pMKRBiQ5jFWGQsSqTpveHFXw7d58hjOOQrWSUiz6U+ZinVtbZucpkFFs2WG
QZbgNKkeF2rqXvbP/+EPtaTbJ+fQJnrU9c5kNDmZPmDfp2C2qxq6vvZWZcEcE96w
D5GzGU64cc1RkqxS2T0NqUDbBWDM+hF1Smxxy1zMo+JDNz3rtouvuXQrQi1U5KRl
JUMpbRDI1QOZFlmz/ps0wyq5lDYUFNlOlwDAj1vXFsIw9kROMfZmIQ0M35gnWIEv
AyR6RmxPcbpRqouil1lmzDhfNY2z6HG0W5XKQGRULZWB+6dSX05VSXUR7sQiJFiu
7izQ3BdFcG9aL85m/toH8c1qPu/UoZ9rAQ6+gnSNT0eoPXy7bWnciSvlNg9GfpC/
a9XwixLCggI4fV+T+yzFbzUe2PzSBEwx4k1/XO3VDLtY/NUTmiZsIZYySelvkOWq
1CySClbtRbT+AtlDdCfQ
=6zOm
-----END PGP SIGNATURE-----
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "
[email protected]"