[Bug 1268543] Re: CVE-2013-5211 ntp DDos
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Jan 21 14:46:29 UTC 2014
The default ntp.conf in Ubuntu contains noquery, so monlist is disabled
by default. Sites that need monlist should restrict it from known
trusted IPs. Upstream has now removed monlist in ntp in favour of
mrulist.
Since the default configuration isn't vulnerable, there is a recommended
way to configure it for sites that require it, and the changes would be
too intrusive to backport, we have no plans to fix this in our stable
releases.
When upstream releases 4.2.8, it will likely make it's way to Ubuntu
from Debian.
** Bug watch added: Debian Bug tracker #733940
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733940
** Also affects: ntp (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733940
Importance: Unknown
Status: Unknown
** Changed in: ntp (Ubuntu)
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1268543
Title:
CVE-2013-5211 ntp DDos
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1268543/+subscriptions
More information about the Ubuntu-server-bugs
mailing list