[ntp:questions] What to do for clients less than 4.2.8?

William Unruh unruh at invalid.ca
Sat Dec 20 17:47:28 UTC 2014


On 2014-12-20, David Woolley <david at ex.djwhome.demon.invalid> wrote:
> On 20/12/14 09:22, Martin Burnicki wrote:
>
>>
>> As far as I understand the reports on bugzilla the main vulnerabilities
>> are in functions where signed packets (symmetric key or autokey) are
>> received/checked, or dynamic/remote configuration via ntpq and/or ntpdc
>> is enabled, which, as far as I know also requires some sort of crypto
>> top be enabled.
>>
>
> One might be in a pure status enquiry, so you may have to set noquery.
>
> In any case, except possibly for people using encryption, and maybe not 
> even them, these affect neither client nor server mode, only remote 
> management.

How can we, as users, protect ourselves against these bugs, assuming
4.2.8 is not installable at the present time. How would one set no
crypto in the conf file? How can one disable remote management?

>



More information about the questions mailing list