[ntp:questions] What to do for clients less than 4.2.8?
martin.burnicki at burnicki.net
Sat Dec 20 09:22:14 UTC 2014
A C wrote:
> I saw the advisory about the potential issues in ntpd before 4.2.8 but I
> don't quite understand whether it affects a pure client (not serving
> time to the outside) or not.
> If the issue does affect client-only operation, what can be done for
> systems that can't be upgraded?
As far as I understand the reports on bugzilla the main vulnerabilities
are in functions where signed packets (symmetric key or autokey) are
received/checked, or dynamic/remote configuration via ntpq and/or ntpdc
is enabled, which, as far as I know also requires some sort of crypto
top be enabled.
So from my understanding disabling crypto in ntp.conf should avoid the
main vulnerabilities as a first, quick step.
More information about the questions