Can someone shed some light on some discrepancies in the mitigation paths for CVE-2014-9295? While I'm sure it's best to simply upgrade NTP to an unaffected version, ntp.org states the following:
http://support.ntp.org/bin/view/Support/AccessRestrictions
However, the FreeBSD security advisory, FreeBSD-SA-14:31.ntp, states:
Why doesn't the FreeBSD security advisory consider "restrict default noquery" a valid workaround for this issue?
Thank you.
A new set of mode 6 vulnerabilities has been discovered and, while these vulnerabilities can be reduced by making sure you have restrict default … noquery in your ntp.conf file.
http://support.ntp.org/bin/view/Support/AccessRestrictions
However, the FreeBSD security advisory, FreeBSD-SA-14:31.ntp, states:
No workaround is available, but systems not running ntpd(8) are not affected.
Why doesn't the FreeBSD security advisory consider "restrict default noquery" a valid workaround for this issue?
Thank you.