Dear fellow time-nuts,
Since I have seen very little news relating to it, I would just like to
inform you about the security bug of NTP that was recently released about.
Usefull links:
https://support.ntp.org/bugs/show_bug.cgi?id=1331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563
http://www.meinberg.de/english/news/lantime-firmware-update-ntp-security-problem-with-mode-7-packets.htm
It's a fun little bug, send a minimal UDP packet in and all hell breaks
loose. :)
It is fairly easy to set this one up (initial comment in NTP bug 1331 is
a good read), so you might want to check if your NTP servers need
software upgrade. Meinberg for instance have confirmed that their
products needs upgrade. Debian has upgraded their NTP for unstable.
Check your favorit vendor or OS source.
I'm patching up my machines. Consider doing the same to your machines
being out there in the open.
Best Regards,
Magnus
_______________________________________________
time-nuts mailing list -- [email protected]
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
