Le 6 févr. 2014 à 15:26, Brian Utterback a écrit : > I recently received a question from a customer about CVE-201305211, the > monlist amplification attack. Specifically they asked if the attack affected > xntpd. They had another vendor that said no, that the attack only affects > ntpd. This surprised me since as far as I know the monlist mechanism is the > same in xntpd. I thought the vendor was merely incorrect. However, I then > read the CERT and NIST versions of the CVE and there is no mention of xntpd. > Indeed, a literal reading of the CVE does indeed imply that xntpd is not > vulnerable.
Hi Brian, I think you are right. My reading of the CVE gives me to believe that xntpd is vulnerable. xntp is a full implementation of NTP V3 and the CVE indicates all versions of ntp earlier than 4.2.7 are vulnerable. It is very easy for you to test as xntpd is(or was) distributed with with Solaris. Mike > > I don't think I am wrong about xntpd being vulnerable. If I am, please > correct me. But if I am not, we should probably see about getting the CVE > amended. > > -- > blu > > Always code as if the guy who ends up maintaining your code will be a > violent psychopath who knows where you live. - Martin Golding > -----------------------------------------------------------------------| > Brian Utterback - Solaris RPE, Oracle Corporation. > Ph:603-262-3916, Em:[email protected] > > _______________________________________________ > questions mailing list > [email protected] > http://lists.ntp.org/listinfo/questions _______________________________________________ questions mailing list [email protected] http://lists.ntp.org/listinfo/questions
