
FreeBSD Security Advisory - timed

by phiber on March 14th, 2001

Malformed packets sent to the timed daemon could cause it to crash, thereby denying service to clients, unless timed is run under a watchdog process that automatically restarts it in the event of a failure. The default invocation from /etc/rc.conf using the timed_enable variable does not run the timed daemon in this way.

The timed daemon is not enabled by default, and its use is not recommended (FreeBSD includes ntpd(8), the network time protocol daemon, which provides superior functionality).




All versions of FreeBSD 3.x and 4.x prior to the correction date, including 3.5.1-RELEASE and 4.2-RELEASE, are vulnerable to this problem if they have been configured to run timed. It was corrected prior to the forthcoming release of FreeBSD 4.3.



Impact



Remote users can cause the timed daemon to crash, denying service to clients.



Workaround



Implement packet filtering at perimeter firewalls or on the local machine using ipfw(8)/ipf(8) to prevent untrusted users from connecting to the timed service. The timed daemon listens on UDP port 525 by default.
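One way to apply this workaround on the local machine, as an added example that is not part of the FreeBSD advisory: the script checks whether an rc.conf file enables timed and, if so, prints ipfw(8) rules that admit UDP port 525 only from trusted networks. The function names, the rule numbers starting at 2000 and the trusted network 192.0.2.0/24 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): audit rc.conf for timed and
# print ipfw rules limiting UDP 525 to trusted sources.

# timed_enabled FILE: succeed if the last timed_enable assignment is a "yes" value.
timed_enabled() {
    # rc.conf is sourced as shell, so the last assignment wins.
    val=$(grep -E '^[[:space:]]*timed_enable=' "$1" | tail -n 1 |
          cut -d= -f2 | cut -d'#' -f1 | tr -d "\"' \t")
    case $(printf '%s' "$val" | tr '[:upper:]' '[:lower:]') in
        yes|true|on|1) return 0 ;;
        *) return 1 ;;
    esac
}

# timed_filter_rules BASE NET...: print one allow rule per trusted network,
# then a deny rule for every other source. Rule numbers step by 10.
timed_filter_rules() {
    n=$1; shift
    for net in "$@"; do
        echo "ipfw add $n allow udp from $net to any 525"
        n=$((n + 10))
    done
    echo "ipfw add $n deny udp from any to any 525"
}

# audit_timed FILE NET...: combine the check and the rule output.
audit_timed() {
    conf=$1; shift
    if timed_enabled "$conf"; then
        echo "# timed is enabled in $conf: restrict UDP 525 until upgraded"
        timed_filter_rules 2000 "$@"
    else
        echo "# timed is not enabled in $conf: no filter needed here"
    fi
}

# Constructed sample rc.conf; on a real host pass /etc/rc.conf instead.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ntpd_enable="NO"
timed_enable="YES"   # constructed sample line
EOF
audit_timed "$sample" 192.0.2.0/24   # 192.0.2.0/24 is a placeholder network
rm -f "$sample"
```

Review the printed rules against the existing ruleset order before loading them, since ipfw applies the first matching rule.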



Solution



Upgrade your vulnerable FreeBSD system to 3.5-STABLE or 4.2-STABLE after the respective correction dates.

For upgrade URLs download the whole advisory.


