A C agcarver+...@acarver.net wrote:
I saw the advisory about the potential issues in ntpd before 4.2.8 but I
don't quite understand whether it affects a pure client (not serving
time to the outside) or not.
If the issue does affect client-only operation, what can be done for
systems that
A C wrote:
I saw the advisory about the potential issues in ntpd before 4.2.8 but I
don't quite understand whether it affects a pure client (not serving
time to the outside) or not.
If the issue does affect client-only operation, what can be done for
systems that can't be upgraded?
As far as
Folks,
ntp 4.2.8 has been released and includes a few security fixes.
Unfortunatly these fixes which have been included after 4.2.7p485-RC
break building the original tarball for Windows.
I have a temporary fix for this and compiled 4.2.8 for Windows. A ZIP
file with the binaries is
On 20/12/14 09:22, Martin Burnicki wrote:
As far as I understand the reports on bugzilla the main vulnerabilities
are in functions where signed packets (symmetric key or autokey) are
received/checked, or dynamic/remote configuration via ntpq and/or ntpdc
is enabled, which, as far as I know
Thanks *very* much, Martin!
H
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
On 2014-12-20, David Woolley david@ex.djwhome.demon.invalid wrote:
On 20/12/14 09:22, Martin Burnicki wrote:
As far as I understand the reports on bugzilla the main vulnerabilities
are in functions where signed packets (symmetric key or autokey) are
received/checked, or dynamic/remote
On 2014-12-20, William Unruh un...@invalid.ca wrote:
On 2014-12-20, David Woolley david@ex.djwhome.demon.invalid wrote:
On 20/12/14 09:22, Martin Burnicki wrote:
As far as I understand the reports on bugzilla the main vulnerabilities
are in functions where signed packets (symmetric key or
On 2014-12-20 01:30, David Woolley wrote:
On 20/12/14 09:22, Martin Burnicki wrote:
As far as I understand the reports on bugzilla the main vulnerabilities
are in functions where signed packets (symmetric key or autokey) are
received/checked, or dynamic/remote configuration via ntpq and/or
On 2014-12-20 01:22, Martin Burnicki wrote:
A C wrote:
I saw the advisory about the potential issues in ntpd before 4.2.8 but I
don't quite understand whether it affects a pure client (not serving
time to the outside) or not.
If the issue does affect client-only operation, what can be done
On 20/12/14 19:58, William Unruh wrote:
Is it an ntp packet (ie a time exchange packet)? is it a control packet
(eg ntpq type packet?) or what?
Ie, unless you use crypto, these two look like they might be dangerous.
Both routines only process NTP type 6 packets, i.e. nptq.
David Woolley david@ex.djwhome.demon.invalid wrote:
On 20/12/14 19:58, William Unruh wrote:
Is it an ntp packet (ie a time exchange packet)? is it a control packet
(eg ntpq type packet?) or what?
Ie, unless you use crypto, these two look like they might be dangerous.
Both routines only
I'm trying to compile the new 4.2.8 tarball since the Debian source
packages are broken and unable to compile due to various issues.
I downloaded the new 4.2.8 from ntp.org, unpacked and ran the following:
./configure --enable-ATOM
The script says it's unable to find sys/timepps.h however:
#
A C writes:
I'm trying to compile the new 4.2.8 tarball since the Debian source
packages are broken and unable to compile due to various issues.
I downloaded the new 4.2.8 from ntp.org, unpacked and ran the following:
./configure --enable-ATOM
The script says it's unable to find
13 matches
Mail list logo