[ntp:questions] ***Response from server was incomplete

Harlan Stenn stenn at ntp.org
Sat Mar 15 11:59:18 UTC 2014


nikolay at rootshells.eu writes:
>
> ...
> You are correct,there is 2 reports about version:
> 
> root at ntp:/usr/ports/net/ntp # /usr/sbin/ntpd --version
> ntpd - NTP daemon program - Ver. 4.2.4p8
> 
> 
> ntpq -c "rv 0 version"
> assID=0 status=0944 leap_none, sync_telephone, 4 events,
> event_peer/strat_chg,
> version="ntpd 4.2.4p5-a (1)"

4.2.4 was first released in December of 2006.  It's ancient.

4.2.6 was first released in December of 2009.

> I tried to update to stable :
> root at ntp:/usr/ports/net/ntp # make install clean
> ===>  ntp-4.2.6p5_2 is forbidden: CVE-2013-5211 / VU.
> *** Error code 1

That seems heavy-handed.  There is no danger from that release *if* the
ntp.conf file is properly configured.

H


More information about the questions mailing list