As a practical matter, is the default config vulnerable to the buffer overflow issues?
The announcement: http://lists.ntp.org/pipermail/announce/2014-December/000122.html says that "restrict ... noquery" is sufficient mitigation for the 3 buffer overflow issues. I'm no expert on ntp.conf, but this appears in my ntp.conf on one of my FreeBSD systems: restrict default kod nomodify notrap nopeer noquery restrict -6 default kod nomodify notrap nopeer noquery However, it also has these: restrict 127.0.0.1 restrict -6 ::1 restrict 127.127.1.0 Joe _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
