閱讀文章 - 看板 FB_security

發信人delphij@delphij.net (Xin Li),

看板FB_security

標題Re: NTP security hole CVE-2013-5211?

發信站The FreeBSD Project (Sat Mar 15 06:34:40 2014)

轉信站ptt!csnews.cs.nctu!news.cednctu!FreeBSD.cs.nctu!.POSTED!freebsd.org!ow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 3/14/14, 8:43 PM, Brett Glass wrote: > At 07:39 PM 3/14/2014, Xin Li wrote: > >> FreeBSD 10.0-RELEASE ships with new default NTP settings, are >> you talking an earlier RC (before RC4 as r259975), or are you >> saying 10.0-RELEASE ships with a ntp.conf with wrong defaults? > > The latter. The ntp.conf shipped with 10.0-RELEASE still allows > relaying of attacks, even with an ntpd that is patched to prevent > amplification. I can't reproduce with fresh install. How did you tested it (or what is missing in the default ntp.conf), can you elaborate? Cheers, -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJTI+ZvAAoJEJW2GBstM+ns18UP/031jrsOBWNewc/WbvpxbE0I KxY1p07drvzE1ftYfwZ7Wi8F9U+f4/qJ1ufCU4DfD3GUUxUm4K3YyKRqBxTCHP+g 4N5FBwS1iKVK9DP1NvBOhLQT2l3X3gHgvi8ICa4MPi/OOTSQx8rlAnPAs2Mq2JS0 FlrTYjHoWpQvT7+46m7Yvz/nqtHOHScrGvbebVB/l8iuDdbtrCJutoHUTPtPH4IP 8Rqx9pMKRBiQ5jFWGQsSqTpveHFXw7d58hjOOQrWSUiz6U+ZinVtbZucpkFFs2WG QZbgNKkeF2rqXvbP/+EPtaTbJ+fQJnrU9c5kNDmZPmDfp2C2qxq6vvZWZcEcE96w D5GzGU64cc1RkqxS2T0NqUDbBWDM+hF1Smxxy1zMo+JDNz3rtouvuXQrQi1U5KRl JUMpbRDI1QOZFlmz/ps0wyq5lDYUFNlOlwDAj1vXFsIw9kROMfZmIQ0M35gnWIEv AyR6RmxPcbpRqouil1lmzDhfNY2z6HG0W5XKQGRULZWB+6dSX05VSXUR7sQiJFiu 7izQ3BdFcG9aL85m/toH8c1qPu/UoZ9rAQ6+gnSNT0eoPXy7bWnciSvlNg9GfpC/ a9XwixLCggI4fV+T+yzFbzUe2PzSBEwx4k1/XO3VDLtY/NUTmiZsIZYySelvkOWq 1CySClbtRbT+AtlDdCfQ =6zOm -----END PGP SIGNATURE----- _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"