Meinberg released their upgrade yesterday (9th). http://www.meinberg.de/english/sw/ntp.htm
Rob K -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Magnus Danielson Sent: 10 December 2009 22:18 To: Discussion of precise time and frequency measurement Subject: [time-nuts] NTP dos attack Dear fellow time-nuts, Since I have seen very little news relating to it, I would just like to inform you about the security bug of NTP that was recently released about. Usefull links: https://support.ntp.org/bugs/show_bug.cgi?id=1331 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563 http://www.meinberg.de/english/news/lantime-firmware-update-ntp-security-pro blem-with-mode-7-packets.htm It's a fun little bug, send a minimal UDP packet in and all hell breaks loose. :) It is fairly easy to set this one up (initial comment in NTP bug 1331 is a good read), so you might want to check if your NTP servers need software upgrade. Meinberg for instance have confirmed that their products needs upgrade. Debian has upgraded their NTP for unstable. Check your favorit vendor or OS source. I'm patching up my machines. Consider doing the same to your machines being out there in the open. Best Regards, Magnus _______________________________________________ time-nuts mailing list -- [email protected] To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. _______________________________________________ time-nuts mailing list -- [email protected] To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
