Re: [Fed-Talk] Snow Leopard NTP issue
- Subject: Re: [Fed-Talk] Snow Leopard NTP issue
- From: "Link, Peter R." <email@hidden>
- Date: Thu, 02 Feb 2012 06:44:07 -0800
Check out /usr/libexec/ntpd-wrapper; this is the program argument for ntpd.
Found it referenced in /System/Library/LaunchDaemons/org.ntp.ntpd.plist.
/private/etc/ntp.conf simply has the name of the NTP clock.

On Feb 2, 2012, at 6:35 AM, Downin, David M CIV NSWCCD West Bethesda, 513 wrote:
> Yes, that should fix the vulnerability - however that alone will not keep it from showing in a Retina scan as all they are looking at is the version number of the executable. So you may still want to change the version number even after removing the line noted below. Also, I just noticed that line doesn't appear in the ntp.conf file I had. Mine was just a single line indicating the server to connect to.
>
>
> -----Original Message-----
> From: fed-talk-bounces+david.downin=email@hidden on behalf of Traynor, Paul I
> Sent: Wed 2/1/2012 3:31 PM
> To: email@hidden; email@hidden
> Cc: email@hidden
> Subject: Re: [Fed-Talk] Snow Leopard NTP issue
>
> Mitigation (excerpted from http://www.kb.cert.org/vuls/id/853097):
>
> Disable autokey
>
> This vulnerability can be mitigated by removing the "crypto pw password"
> line (no quotes) from the ntp.conf file.
>
> ----------------------------------------------------------
>
> -----Original Message-----
> From: fed-talk-bounces+paul.i.traynor=email@hidden
> [mailto:fed-talk-bounces+paul.i.traynor=email@hidden] On
> Behalf Of Todd Heberlein
> Sent: Wednesday, February 01, 2012 11:55 AM
> To: Smith CIV Larry E
> Cc: email@hidden
> Subject: Re: [Fed-Talk] Snow Leopard NTP issue
>
>
> On Feb 1, 2012, at 5:14 AM, Smith CIV Larry E wrote:
>
>> I've been working my way through mitigating issues found in a recent
>> Retina scan and the only thing I'm having an issue with is finding a fix
>> for a "ntpd Autokey Buffer Overflow" vulnerability (CVE-2009-1252).
>
> Network-based vulnerability scanners are known to generate false positives.
> Has there been confirmation that this vulnerability exists and is
> exploitable in Snow Leopard?
>
> Todd
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
Peter Link
Cyber Security Analyst
Cyber Security Program
Lawrence Livermore National Laboratory
PO Box 808, L-315
Livermore, CA 94550
email@hidden
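
To separate a version-only scanner finding from a configuration that actually has Autokey turned on, this added example (not part of any poster's message) lists the ntp.conf lines that enable it: the `crypto` directive named in the quoted CERT mitigation and, as an assumption beyond the thread, associations carrying ntpd's standard `autokey` option. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list the ntp.conf lines that enable
# Autokey. Read-only; the config path is a parameter.

# Print "lineno: text" for each uncommented "crypto" directive and each
# server/peer/broadcast/manycastclient association using the "autokey" option.
autokey_lines() {
    awk '
        { orig = $0; sub(/#.*/, "") }   # strip comments; awk re-splits fields
        $1 == "crypto" { print NR ": " orig; next }
        $1 ~ /^(server|peer|broadcast|manycastclient)$/ {
            for (i = 2; i <= NF; i++)
                if ($i == "autokey") { print NR ": " orig; next }
        }
    ' "$1"
}

# Summarise one config file: prints a status word, returns 0 only when clean.
autokey_status() {
    if [ ! -r "$1" ]; then echo "unreadable"; return 2; fi
    if [ -n "$(autokey_lines "$1")" ]; then
        echo "autokey-configured"; return 1
    fi
    echo "autokey-not-configured"; return 0
}

# Constructed sample input: a config with Autokey enabled, including a
# commented-out directive that must not be counted.
sample_autokey_conf() {
    cat <<'EOF'
# crypto pw oldsecret
server time.example.com autokey
  crypto pw examplepassword
driftfile /var/db/ntp.drift
EOF
}

# With a path argument, check that file; otherwise show the constructed sample.
if [ "$#" -gt 0 ]; then
    autokey_status "$1"
else
    tmp=$(mktemp) && sample_autokey_conf > "$tmp"
    autokey_lines "$tmp"; autokey_status "$tmp" || true
    rm -f "$tmp"
fi
```

Run it with /private/etc/ntp.conf as the argument; a result of `autokey-not-configured` on a host the scanner still flags matches the version-only finding described in the quoted reply.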