ID CVE-2005-2496
Summary The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended.
References
Vulnerable Configurations
  • cpe:2.3:a:dave_mills:ntpd:*:*:*:*:*:*:*:*
    cpe:2.3:a:dave_mills:ntpd:*:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 11-10-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
oval via4
accepted 2013-04-29T04:21:13.175-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended.
family unix
id oval:org.mitre.oval:def:9669
status accepted
submitted 2010-07-09T03:56:16-04:00
title The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended.
version 29
redhat via4
advisories
bugzilla
id 1617728
title CVE-2005-2496 security flaw
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304025
    • comment ntp is earlier than 0:4.2.0.a.20040617-4.EL4.1
      oval oval:com.redhat.rhsa:tst:20060393001
    • comment ntp is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20060393002
rhsa
id RHSA-2006:0393
released 2006-08-10
severity Low
title RHSA-2006:0393: ntp security update (Low)
rpms
  • ntp-0:4.2.0.a.20040617-4.EL4.1
  • ntp-debuginfo-0:4.2.0.a.20040617-4.EL4.1
refmap via4
bid 14673
debian DSA-801
fedora FEDORA-2005-812
mandrake MDKSA-2005:156
osvdb 19055
sectrack 1016679
secunia
  • 16602
  • 21464
vupen ADV-2005-1561
xf ntp-incorrect-group-permissions(22035)
Last major update 11-10-2017 - 01:30
Published 02-09-2005 - 17:03
Last modified 11-10-2017 - 01:30
Back to Top