NTP vulnerability
Patrick O'Callaghan
pocallaghan at gmail.com
Tue Dec 23 17:03:36 UTC 2014
On Tue, 2014-12-23 at 03:54 +0100, Ralf Corsepius wrote:
> On 12/22/2014 01:50 PM, Patrick O'Callaghan wrote:
> > On Mon, 2014-12-22 at 04:48 +0800, Ed Greshko wrote:
> >> On 12/22/14 02:46, Aaron Gray wrote:
> >>> There are no ntp or ntpd or systemd-timesyncd packages on F20 !
> >>
> >> The default time sync package is now chrony.
> >>
> >> ntp is available in the F20 repos.
> >>
> >
> > AFAIK chrony still connects to NTP servers, however the vulnerability in
> > question is not with NTP as such but with ntpd, which as you say is no
> > longer part of Fedora.
>
> Of course, ntp is part of Fedora:
I said *ntpd*. Not the protocol but the daemon.
> # repoquery -q ntp
> ntp-0:4.2.6p5-23.fc21.x86_64
>
> It's just that it's not installed by default.
Yes, already corrected.
poc
More information about the users
mailing list