ntpd vulnerabilities
Robert Simmons
rsimmons0 at gmail.com
Mon Dec 22 23:46:53 UTC 2014
On Mon, Dec 22, 2014 at 11:16 AM, Dag-Erling Smørgrav <des at des.no> wrote:
> Yes, FreeBSD is vulnerable, and we have informed CERT of that fact, so I
> don't know why they have us down as "unknown". We are preparing an
> advisory for tomorrow. As was the case with BIND, this takes more work
> than for many other operating systems since we maintain older versions
> in older branches; for instance, 8.4 has 4.2.4.
It looks like all supported FreeBSD versions use 4.2.4. At least
CURRENT and 10.1 report that as the version:
Dec 22 23:35:56 ntpd[660]: ntpd 4.2.4p5-a (1)
Will 4.2.8 be pulled into CURRENT eventually, or is the plan to
replace it entirely with ntimed?
More information about the freebsd-security
mailing list