NTPd vulnerability [CVE-2014-9295 / CERT VU#852879]
-
Some news hit the wire recently about a dangerous NTP vuln:
http://support.ntp.org/bin/view/Main/SecurityNotice#Buffer_overflow_in_ctl_putdata (site currently offline, possibly due to DoS)
https://news.ycombinator.com/item?id=8773341Just wondering if pfSense is vulnerable to this? Do we need to patch or block something in response here? I read that BSD uses OpenNTPD which at first I had heard was impervious to this, but on https://doc.pfsense.org/index.php/NTP_Server it states "The ntp.org NTPD distribution of ntpd is used" so now I am not sure. Any comments?
-
We're still investigating it internally.
Some more related links:
Google Cache of the NTP.org notice:
https://webcache.googleusercontent.com/search?q=cache:jMcfipOGXXwJ:support.ntp.org/bin/view/Main/SecurityNotice+&cd=4&hl=en&ct=clnk&gl=usCERT Page:
http://www.kb.cert.org/vuls/id/852879Redhat entry with some Analysis (that sounds not-too-bad, actually):
https://bugzilla.redhat.com/show_bug.cgi?id=1176037#c11NMAP script to check versions, but not an exploit test:
https://gist.github.com/TomSellers/8d887db6ba11e2466db5 -
what we know at this point.
https://blog.pfsense.org/?p=1514