Bug#733940: ntp: CVE-2013-5211

2014-02-18 Thread Xin Li
Hi, Just FYI, we (FreeBSD) have disabled the 'monlist' feature by default in our ntpd for now (so one has to explicitly enable it to be vulnerable). Given the fact that this issue is worsening over time, I would recommend you to consider similar mitig

Bug#733940: [pkg-ntp-maintainers] Bug#733940: ntp: CVE-2013-5211

2014-01-27 Thread Moritz Muehlenhoff
On Mon, Jan 27, 2014 at 07:35:34PM +0100, martin f krafft wrote: > also sprach Kurt Roeckx [2014-01-27 18:31 +0100]: > > I'm not sure what you're suggesting. > > Neither, but ignoring the problem isn't okay either, I feel. At the > very least, Debian should pressure ntp.org to release a security

Bug#733940: [pkg-ntp-maintainers] Bug#733940: ntp: CVE-2013-5211

2014-01-27 Thread martin f krafft
also sprach martin f krafft [2014-01-27 19:35 +0100]: > Neither, but ignoring the problem isn't okay either, I feel. At the > very least, Debian should pressure ntp.org to release a security > upgrade for 4.2.6… and then ideally there'd be a new keyword like > noquery except that actual NTP querie

Bug#733940: [pkg-ntp-maintainers] Bug#733940: ntp: CVE-2013-5211

2014-01-27 Thread martin f krafft
also sprach Kurt Roeckx [2014-01-27 18:31 +0100]: > I'm not sure what you're suggesting. Neither, but ignoring the problem isn't okay either, I feel. At the very least, Debian should pressure ntp.org to release a security upgrade for 4.2.6… and then ideally there'd be a new keyword like noquery e

Bug#733940: [pkg-ntp-maintainers] Bug#733940: ntp: CVE-2013-5211

2014-01-27 Thread Kurt Roeckx
On Mon, Jan 27, 2014 at 03:53:32PM +0100, martin f krafft wrote: > also sprach Moritz Mühlenhoff [2014-01-16 22:46 +0100]: > > Ok, let's ignore it. Marked as such in the Debian Security Tracker. > > Please reconsider this decision. Operators of most of the public NTP > servers (pool.ntp.org *was*

Bug#733940: [pkg-ntp-maintainers] Bug#733940: ntp: CVE-2013-5211

2014-01-27 Thread martin f krafft
also sprach Moritz Mühlenhoff [2014-01-16 22:46 +0100]: > Ok, let's ignore it. Marked as such in the Debian Security Tracker. Please reconsider this decision. Operators of most of the public NTP servers (pool.ntp.org *was* founded by a DD!) don't just deploy software aside from their distro and e

Bug#733940: [pkg-ntp-maintainers] Bug#733940: ntp: CVE-2013-5211

2014-01-16 Thread Moritz Mühlenhoff
On Thu, Jan 02, 2014 at 06:58:25PM +0100, Kurt Roeckx wrote: > On Thu, Jan 02, 2014 at 02:04:04PM +0100, Moritz Muehlenhoff wrote: > > Package: ntp > > Severity: important > > Tags: security > > > > This was assigned CVE-2013-5211: > > https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-

Bug#733940: [pkg-ntp-maintainers] Bug#733940: ntp: CVE-2013-5211

2014-01-02 Thread Kurt Roeckx
On Thu, Jan 02, 2014 at 02:04:04PM +0100, Moritz Muehlenhoff wrote: > Package: ntp > Severity: important > Tags: security > > This was assigned CVE-2013-5211: > https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks > http://www.symantec.com/connect/blogs/hackers-spend-christmas-bre

Bug#733940: ntp: CVE-2013-5211

2014-01-02 Thread Moritz Muehlenhoff
Package: ntp Severity: important Tags: security This was assigned CVE-2013-5211: https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks http://www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks Upstream ripped out monlist in fa