Opened 10 years ago
Closed 10 years ago
#44874 closed update (invalid)
NTP needs to be upgraded urgently
Reported by: | dave@… | Owned by: | danielluke (Daniel J. Luke) |
---|---|---|---|
Priority: | High | Milestone: | |
Component: | ports | Version: | 2.3.1 |
Keywords: | Cc: | neverpanic (Clemens Lang) | |
Port: | ntp |
Description
As I type this, my NTPD server is under a DoS attack from a botnet, using a vulnerability known since late 2013. The ports tree urgently needs to be upgraded to NTP 4.2.7.p26; it currently has 4.2.6, which is vulnerable.
I have since firewalled inbound ntp/udp, as I am not peering.
More information at http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using
Please address. Thanks.
-- Dave
Change History (6)
comment:1 Changed 10 years ago by dave@…
Cc: | dave@… added |
---|
comment:2 Changed 10 years ago by neverpanic (Clemens Lang)
Cc: | dave@… removed |
---|---|
Keywords: | ntp vulnerability removed |
Port: | ntp added; sysutils/ntp removed |
You don't need to Cc yourself, if you're the reporter. Instead, you should Cc the maintainer when filing bugs against ports (port info --maintainer ntp
).
Good thing upstream didn't bother to release a new stable version that has the problem fixed</irony> :/
Working on this.
comment:3 Changed 10 years ago by neverpanic (Clemens Lang)
Cc: | cal@… added |
---|---|
Owner: | changed from macports-tickets@… to dluke@… |
comment:4 Changed 10 years ago by neverpanic (Clemens Lang)
Resolution: | → fixed |
---|---|
Status: | new → closed |
Updated to latest dev release in r125063.
Maintainer: If you want to solve this in a different way, please attach a patch.
comment:5 Changed 10 years ago by danielluke (Daniel J. Luke)
Resolution: | fixed |
---|---|
Status: | closed → reopened |
Macports policy is to ship the latest stable upstream version. The conf file we have always shipped with ntp includes settings to prevent ntp from being used as a DDoS amplifier (you will note that the specific command in the CVE linked to is blocked from anything other than localhost) see also http://openntpproject.org.
Do you have evidence of a new attack or that the conf we ship isn't effective?
If not, I'm going to revert cal's changes in r125063
comment:6 Changed 10 years ago by danielluke (Daniel J. Luke)
Resolution: | → invalid |
---|---|
Status: | reopened → closed |
Cc Me!