FreeBSD Security Advisory - timed

by phiber on March 14th, 2001

Malformed packets sent to the timed daemon could cause it to crash, thereby denying service to clients if timed is not run under a watchdog process which causes it to automatically restart in the event of a failure. The timed daemon is not run in this way in the default invocation from /etc/rc.conf using the timed_enable variable.

The timed daemon is not enabled by default, and its use is not recommended (FreeBSD includes ntpd(8), the network time protocol daemon, which provides superior functionality).

All versions of FreeBSD 3.x and 4.x prior to the correction date, including 3.5.1-RELEASE and 4.2-RELEASE, are vulnerable to this problem if they have been configured to run timed. It was corrected prior to the forthcoming release of FreeBSD 4.3.


Remote users can cause the timed daemon to crash, denying service to clients.


Implement packet filtering at perimeter firewalls or on the local machine using ipfw(8)/ipf(8) to prevent untrusted users from connecting to the timed service. The timed daemon listens on UDP port 525 by default.
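One way to apply this workaround, as an added example that is not part of the advisory: the script checks whether an rc.conf-style file enables timed through timed_enable, and prints ipfw(8) rules that admit UDP port 525 only from trusted sources. The function names, the rule numbers and the networks in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): audit timed_enable and emit an
# ipfw(8) filter for the timed port. Function names are hypothetical.

# Return 0 if the given rc.conf-style file enables timed, 1 if not,
# 2 if the file is unreadable. rc.conf is sourced by sh, so the last
# assignment wins and commented-out lines do not count.
timed_enabled() {
    rcfile=$1
    [ -r "$rcfile" ] || return 2
    last=$(sed -n 's/^[[:space:]]*timed_enable=["'\'']\{0,1\}\([A-Za-z]*\).*/\1/p' \
        "$rcfile" | tail -n 1)
    case $last in
        [Yy][Ee][Ss]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print ipfw commands that allow UDP/525 only from trusted sources.
# $1 = first rule number; remaining args = IPv4 hosts or CIDR networks.
# ipfw stops at the first matching rule, so the allow rules must carry
# lower numbers than the final deny. With no trusted sources given,
# only the deny is emitted (fail closed).
timed_filter_rules() {
    num=$1; shift
    for net in "$@"; do
        case $net in
            *[!0-9./]*|"") echo "bad network: $net" >&2; return 1 ;;
        esac
        echo "ipfw add $num allow udp from $net to any 525"
        num=$((num + 10))
    done
    echo "ipfw add $num deny log udp from any to any 525"
}

# Usage (constructed addresses from the documentation ranges):
#   timed_enabled /etc/rc.conf && timed_filter_rules 2000 192.0.2.0/24
# Review the printed rules, then pipe them to sh as root to load them.
```

The rule numbers must fall before any broader allow rule already in the ruleset, otherwise that rule matches first and the deny never takes effect.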


Upgrade your vulnerable FreeBSD system to 3.5-STABLE or 4.2-STABLE after the respective correction dates.

For upgrade URLs download the whole advisory.
