-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 1/9/14, 6:12 AM, Palle Girgensohn wrote: > > 9 jan 2014 kl. 15:08 skrev Eugene Grosbein <eugen@grosbein.net>: > >> On 09.01.2014 19:38, Palle Girgensohn wrote: >>> They recommend at least 4.2.7. Any thoughts about this? >> >> Other than updating ntpd, you can filter out requests to >> 'monlist' command with 'restrict ... noquery' option that >> disables some queries for the internal ntpd status, including >> 'monlist'. >> >> See http://support.ntp.org/bin/view/Support/AccessRestrictions >> for details. > > Yes. But shouldn't there be a security advisory for FreeBSD > specifically? We will have an advisory next week. If a NTP server is properly configured, it's likely that they are not affected (the old FreeBSD default is a little bit vague on how to properly configure the daemon, though; the new default on -CURRENT and supported -STABLE branches should be sufficient to provide protection). Cheers, -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJSz4K/AAoJEJW2GBstM+nsoUAQAIR/IQrDnVlWYyQfRdL8dUQV fuR0FSyE84rcaHR8GJ9D5ApWbB1GrO61VE+NkMp7wBhZ1UmSseMX8J63aXz7gEna O7Lgsigjt0CloQk5A+uoiSuKxuicy3OaO5m9dYEb9/hIt2QgLzuWJEFxYYxtzNqp 16ndCq9BXRIjqiYjcH1rTqKmHvnOGDGLNDpArVDEkqToHur72d051xDUPHBUJzir FMkuIroiucLd5fHp90L7ZkDl/g2xOFEqd6U9XIExusCDPYzA/KYZNFnEegPpAuuD GXQ6wSDIVZzqgjuzERgw8ElaQ50NUvr4FWLTV6HV7aa+Ut5UF4CeFoBYf2xO1uUu FravU2uoiOVqjir1UtNEY1yP3fXceegkT8T+4e+oCTUslSBVXsiES8iSfHQib0eK wMSwelFCflfrLwiq97GjetBS66EUn00y/U3M3RUjlx4e0FIycLi5ZYy4XMkJlM2a jXE63iynfk9N02tO3/K1a8Yrp7mIYY3drn43BOJeXL72QMumFxi81aO4NQdrBTMw X49unE6bK4RZ5Ao4SdAWP/2vJfFnYLamc3cr1fvZ14XEyEXuVygmojoPPRdYkuj7 2OfMUv2m1BUUR8P4XIe6GN3UIY+kgK+JxddCU1WmLV8lYNloP0hQD62jtrB6J4A4 OzC38C6p+35khP0bZLhO =wpEM -----END PGP SIGNATURE----- _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"