I did an upgrade from 8.0 to 8.1 a few weeks ago and found out that it included NTPD (and all supplied utilities) and that it still has an outdated vulnerable version 4.2.4p5-a
Here is a prove on that :
http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode
Before submitting this issue as a PR, I want to ask community – Is there a reason to keep an old version of NTPD?
BTW, maybe somebody knows - Why are scripts from /usr/src/contrib/ntp/scripts not installed in the system? I believe some scripts can be very useful, especially ntp-wait.
Regards,
Alex.
Here is a prove on that :
http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode
Before submitting this issue as a PR, I want to ask community – Is there a reason to keep an old version of NTPD?
BTW, maybe somebody knows - Why are scripts from /usr/src/contrib/ntp/scripts not installed in the system? I believe some scripts can be very useful, especially ntp-wait.
Regards,
Alex.