As a practical matter, is the default config vulnerable to the buffer
overflow issues?
The announcement:
http://lists.ntp.org/pipermail/announce/2014-December/000122.html
says that "restrict ... noquery" is sufficient mitigation for the 3
buffer overflow issues. I'm no expert on ntp.conf, but this appears in
my ntp.conf on one of my FreeBSD systems:
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
However, it also has these:
restrict 127.0.0.1
restrict -6 ::1
restrict 127.127.1.0
Joe
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
No comments:
Post a Comment