ntpd vulnerabilities
Joe Malcolm
jmalcolm at uraeus.com
Tue Dec 23 00:26:13 UTC 2014
As a practical matter, is the default config vulnerable to the buffer
overflow issues?
The announcement:
http://lists.ntp.org/pipermail/announce/2014-December/000122.html
says that "restrict ... noquery" is sufficient mitigation for the 3
buffer overflow issues. I'm no expert on ntp.conf, but this appears in
my ntp.conf on one of my FreeBSD systems:
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
However, it also has these:
restrict 127.0.0.1
restrict -6 ::1
restrict 127.127.1.0
Joe
More information about the freebsd-security
mailing list