On 20 Dec 2014 at 7:13, Harlan Stenn wrote: > Mouse writes: > > > See: > > > http://support.ntp.org/bin/view/Main/SecurityNotice > > > > > You might want to upgrade or disable ntpd. > > > > It would really REALLY help if the report would give enough details for > > me to make an informed decision. There are three buffer overflows > > claimed that have almost no details given (or at least not in any way > > I've figured out how to get) - one of which, fortunately, does mention > > a detail that tells me I don't have occasino to care about it - and no > > fixes provided beyond "switch to this version", no matter how bad a fit > > that might be to your use case. Apparently they consider it acceptable > > to make me reproduce the work to figure out what the vulnerability is, > > rather than actually providing useful information about it.
....... For me in the UK it seems to have enabled a possibly self-inflicted nnd effective DOS attack since all my attempts to access www.ntp.org have so far failed. My 4 x pool servers are running ntp-dev-4.2.7p476 David -- David Lord <[email protected]> <ftp://ftp.lordynet.org/pub/pgpkeys/[email protected]> <http://www.lordynet.org/pub/pgpkeys/[email protected]> _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
