Bug 196146

Summary: [security] ntpd <= 2.4.7 vulnerable to possible buffer overrun, denial of service, weak cryptography
Product: Base System Reporter: Harrison Grundy <harrison.grundy>
Component: binAssignee: Xin LI <delphij>
Status: Closed FIXED    
Severity: Affects Some People CC: delphij
Priority: --- Keywords: security
Version: CURRENT   
Hardware: Any   
OS: Any   
URL: http://www.kb.cert.org/vuls/id/852879

Description Harrison Grundy 2014-12-19 23:33:41 UTC 
ntpd in base may be vulnerable to http://www.kb.cert.org/vuls/id/852879

More information at http://support.ntp.org/bin/view/Main/SecurityNotice

(Thanks for pointing it out, bjk)
Comment 1 Xin LI freebsd_committer freebsd_triage 2014-12-20 00:55:27 UTC 
Base system patch (DRAFT) at: https://reviews.freebsd.org/D1343
Comment 2 Mark Linimon freebsd_committer freebsd_triage 2015-03-12 05:26:02 UTC 
Over to delphij to see if this PR is stale.
Comment 3 Xin LI freebsd_committer freebsd_triage 2015-03-12 05:27:53 UTC 
Fixed as part of FreeBSD-SA-14:31.ntp.