[ntp:questions] CVE-2013-5211 and xntpd
martin.burnicki at meinberg.de
Fri Feb 7 08:14:10 UTC 2014
Harlan Stenn schrieb:
> Brian Utterback writes:
>> I did test it and saw indications that it would be vulnerable. I don't
>> have exploit code so I didn't actually get an exploit going, but I saw
>> enough to convince me.
> If xntpd responds to the mode 7 monlist command it's vulnerable, and the
> easy fix is to add a 'restrict default noquery' line to the config file.
I agree xntpd is probably also vulnerable, but did it already support
the "restrict" keywords necessary to fix this?
More information about the questions