Project

General

Profile

Actions

Bug #3384

closed

NTPd should deny service if the packet spacing violates the lower limits specified in the discard command (CVE-2013-5211)

Added by Jeroen Roovers almost 11 years ago. Updated over 10 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
NTPD
Target version:
Start date:
01/04/2014
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
All

Description

ntp.conf(5):

limited
Deny service if the packet spacing violates the lower limits specified
in the discard command. A history of clients is kept using the
monitoring capability of ntpd(8). Thus, monitoring is always active
as long as there is a restriction entry with the limited flag.

Upstream bug report:
[[http://bugs.ntp.org/show_bug.cgi?id=1532]]

Various distributions are working around the issue in ntp.conf instead of upgrading to the development branch.

The solution would be to include "restrict.* limited" (and probably "kod" too) in /etc/inc/system.inc where it writes /var/etc/ntpd.conf


Files

etc-inc-system.inc.patch (651 Bytes) etc-inc-system.inc.patch Add "limited" to ntpd.conf Jeroen Roovers, 01/04/2014 08:13 AM
Actions

Also available in: Atom PDF