ntpd vulnerabilities

Joe Malcolm jmalcolm at uraeus.com
Tue Dec 23 13:07:38 UTC 2014


Dag-Erling Smørgrav writes:
>Joe Malcolm <jmalcolm at uraeus.com> writes:
>> I'm no expert on ntp.conf, but this appears in my ntp.conf on one of
>> my FreeBSD systems:
>>
>> restrict default kod nomodify notrap nopeer noquery
>> restrict -6 default kod nomodify notrap nopeer noquery
>>
>> However, it also has these:
>>
>> restrict 127.0.0.1
>> restrict -6 ::1
>> restrict 127.127.1.0
>
>These work on a "last match" basis.  The latter three lines lift all
>restrictions for localhost, so you can still "ntpq -pn" your own server,
>but nobody else can.

Thanks. So, if I understand correctly, the shipped config is
vulnerable to local (same-host) attackers, not remote ones.

joe
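
The restrict matching discussed in this thread, as an added example that is not part of the original messages or of ntpd: a small Python model that parses the quoted lines and reports the effective flags for a given source address. It assumes ntpd's documented behaviour (the restriction list is sorted by address and mask, and the last match wins), modelled here as longest-prefix match; the function names are hypothetical.

```python
import ipaddress

# The restrict lines exactly as quoted in the thread.
NTP_CONF = """\
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
restrict 127.127.1.0
"""

def parse_restrict(conf):
    """Map each restricted network to its flag set; a repeated entry replaces the earlier one."""
    table = {}
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        tok = tok[1:]
        v6 = tok[0] == "-6"
        if tok[0] in ("-4", "-6"):
            tok = tok[1:]
        if not tok:
            continue
        addr, flags = tok[0], tok[1:]
        if addr == "default":
            net = ipaddress.ip_network("::/0" if v6 else "0.0.0.0/0")
        elif flags[:1] == ["mask"] and len(flags) >= 2:
            # Assumption: only dotted IPv4 masks are handled in this sketch.
            net = ipaddress.ip_network(f"{addr}/{flags[1]}", strict=False)
            flags = flags[2:]
        else:
            net = ipaddress.ip_network(addr)  # no mask given: a single host
        table[net] = frozenset(flags)
    return table

def effective_flags(table, source):
    """Flags of the most specific entry covering source, or None if no entry covers it."""
    ip = ipaddress.ip_address(source)
    hits = [n for n in table if n.version == ip.version and ip in n]
    return table[max(hits, key=lambda n: n.prefixlen)] if hits else None

def may_query(table, source):
    """True if neither noquery nor ignore applies to source; None if the file does not decide."""
    flags = effective_flags(table, source)
    if flags is None:
        return None  # ntpd's built-in defaults are not modelled here
    return not (flags & {"noquery", "ignore"})
```

With the quoted configuration, `may_query(parse_restrict(NTP_CONF), "127.0.0.1")` returns True, while the constructed sample sources `127.0.0.2`, `192.0.2.10` and `2001:db8::1` all return False.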

