NTP security hole CVE-2013-5211?
Patrick Lamaiziere
patfbsd at davenulle.org
Tue Jan 14 12:46:58 UTC 2014
Le Thu, 09 Jan 2014 21:18:56 -0800,
Xin Li <delphij at delphij.net> a écrit :
> On 1/9/14, 6:12 AM, Palle Girgensohn wrote:
> >
> > 9 jan 2014 kl. 15:08 skrev Eugene Grosbein <eugen at grosbein.net>:
> >
> >> On 09.01.2014 19:38, Palle Girgensohn wrote:
> >>> They recommend at least 4.2.7. Any thoughts about this?
> >>
> >> Other than updating ntpd, you can filter out requests to
> >> 'monlist' command with 'restrict ... noquery' option that
> >> disables some queries for the internal ntpd status, including
> >> 'monlist'.
> >>
> >> See http://support.ntp.org/bin/view/Support/AccessRestrictions
> >> for details.
> >
> > Yes. But shouldn't there be a security advisory for FreeBSD
> > specifically?
>
> We will have an advisory next week. If a NTP server is properly
> configured, it's likely that they are not affected (the old FreeBSD
> default is a little bit vague on how to properly configure the daemon,
> though; the new default on -CURRENT and supported -STABLE branches
> should be sufficient to provide protection).
I've tried the -current ntpd.conf. Looks good here, my ntpd (used as
client) is under attack since two days :( (15000 packets/s in)
Ntpd does not reply anymore but it eats more cpu (~8%), for a client the
best is to filter out the port udp/123.
The attack is on the ntp command "MON_GETLIST".
Regards,
More information about the freebsd-security
mailing list