Brian Utterback writes: > I did test it and saw indications that it would be vulnerable. I don't > have exploit code so I didn't actually get an exploit going, but I saw > enough to convince me.
If xntpd responds to the mode 7 monlist command it's vulnerable, and the easy fix is to add a 'restrict default noquery' line to the config file. > The problem is that the CVE doesn't say that all versions of ntp before > 4.2.7 are vulnerable, it says that all versions of *ntpd* before 4.2.7 > are vulnerable. I agree, the wording in the CVE should be fixed. H _______________________________________________ questions mailing list [email protected] http://lists.ntp.org/listinfo/questions
