[BlueOnyx:14264] Re: Another DDOS vulnerability: NTP Amplification Attacks - not affected
Michael Stauber
mstauber at blueonyx.it
Tue Jan 14 12:20:40 -05 2014
Hi George,
> This needs to be a high-priority check/fix on BX systems to stop
> servers being exploited for attacks.
I just checked the BlueOnyx NTP configuration, checked the changelog of
the "ntp" RPMs and checked with upstream, where this sheds light on the
situation:
https://bugzilla.redhat.com/show_bug.cgi?id=1047854
---------------------------------
Miroslav Lichvar 2014-01-02 07:23:04 EST:
The default ntp.conf included in our ntp packages has noquery in the
default restrict line, which blocks the monlist command.
---------------------------------
So BlueOnyx is not affected by CVE-2013-5211.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list