ID CVE-2001-0414
Summary Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.
References
Vulnerable Configurations
  • cpe:2.3:a:dave_mills:ntpd:4.0.99:*:*:*:*:*:*:*
    cpe:2.3:a:dave_mills:ntpd:4.0.99:*:*:*:*:*:*:*
  • cpe:2.3:a:dave_mills:ntpd:4.0.99a:*:*:*:*:*:*:*
    cpe:2.3:a:dave_mills:ntpd:4.0.99a:*:*:*:*:*:*:*
  • cpe:2.3:a:dave_mills:ntpd:4.0.99b:*:*:*:*:*:*:*
    cpe:2.3:a:dave_mills:ntpd:4.0.99b:*:*:*:*:*:*:*
  • cpe:2.3:a:dave_mills:ntpd:4.0.99c:*:*:*:*:*:*:*
    cpe:2.3:a:dave_mills:ntpd:4.0.99c:*:*:*:*:*:*:*
  • cpe:2.3:a:dave_mills:ntpd:4.0.99d:*:*:*:*:*:*:*
    cpe:2.3:a:dave_mills:ntpd:4.0.99d:*:*:*:*:*:*:*
  • cpe:2.3:a:dave_mills:ntpd:4.0.99e:*:*:*:*:*:*:*
    cpe:2.3:a:dave_mills:ntpd:4.0.99e:*:*:*:*:*:*:*
  • cpe:2.3:a:dave_mills:ntpd:4.0.99f:*:*:*:*:*:*:*
    cpe:2.3:a:dave_mills:ntpd:4.0.99f:*:*:*:*:*:*:*
  • cpe:2.3:a:dave_mills:ntpd:4.0.99g:*:*:*:*:*:*:*
    cpe:2.3:a:dave_mills:ntpd:4.0.99g:*:*:*:*:*:*:*
  • cpe:2.3:a:dave_mills:ntpd:4.0.99h:*:*:*:*:*:*:*
    cpe:2.3:a:dave_mills:ntpd:4.0.99h:*:*:*:*:*:*:*
  • cpe:2.3:a:dave_mills:ntpd:4.0.99i:*:*:*:*:*:*:*
    cpe:2.3:a:dave_mills:ntpd:4.0.99i:*:*:*:*:*:*:*
  • cpe:2.3:a:dave_mills:ntpd:4.0.99j:*:*:*:*:*:*:*
    cpe:2.3:a:dave_mills:ntpd:4.0.99j:*:*:*:*:*:*:*
  • cpe:2.3:a:dave_mills:ntpd:*:*:*:*:*:*:*:*
    cpe:2.3:a:dave_mills:ntpd:*:*:*:*:*:*:*:*
  • cpe:2.3:a:dave_mills:xntp3:5.93:*:*:*:*:*:*:*
    cpe:2.3:a:dave_mills:xntp3:5.93:*:*:*:*:*:*:*
  • cpe:2.3:a:dave_mills:xntp3:5.93a:*:*:*:*:*:*:*
    cpe:2.3:a:dave_mills:xntp3:5.93a:*:*:*:*:*:*:*
  • cpe:2.3:a:dave_mills:xntp3:5.93b:*:*:*:*:*:*:*
    cpe:2.3:a:dave_mills:xntp3:5.93b:*:*:*:*:*:*:*
  • cpe:2.3:a:dave_mills:xntp3:5.93c:*:*:*:*:*:*:*
    cpe:2.3:a:dave_mills:xntp3:5.93c:*:*:*:*:*:*:*
  • cpe:2.3:a:dave_mills:xntp3:5.93d:*:*:*:*:*:*:*
    cpe:2.3:a:dave_mills:xntp3:5.93d:*:*:*:*:*:*:*
  • cpe:2.3:a:dave_mills:xntp3:5.93e:*:*:*:*:*:*:*
    cpe:2.3:a:dave_mills:xntp3:5.93e:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 10-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2005-06-01T03:30:00.000-04:00
class vulnerability
contributors
name Brian Soby
organization The MITRE Corporation
description Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.
family unix
id oval:org.mitre.oval:def:3831
status accepted
submitted 2005-04-13T12:00:00.000-04:00
title Buffer Overflow in ntp Daemon via readvar
version 35
redhat via4
advisories
rhsa
id RHSA-2001:045
refmap via4
bid 2540
bugtraq
  • 20010404 ntpd =< 4.0.99k remote buffer overflow
  • 20010405 Re: ntpd =< 4.0.99k remote buffer overflow]
  • 20010406 Immunix OS Security update for ntp and xntp3
  • 20010408 [slackware-security] buffer overflow fix for NTP
  • 20010409 PROGENY-SA-2001-02: ntpd remote buffer overflow
  • 20010409 [ESA-20010409-01] xntp buffer overflow
  • 20010409 ntp-4.99k23.tar.gz is available
  • 20010409 ntpd - new Debian 2.2 (potato) version is also vulnerable
  • 20010413 PROGENY-SA-2001-02A: [UPDATE] ntpd remote buffer overflow
  • 20010418 IBM MSS Outside Advisory Redistribution: IBM AIX: Buffer Overflow Vulnerability in (x)ntp
caldera CSSA-2001-013
conectiva CLA-2001:392
debian DSA-045
freebsd FreeBSD-SA-01:31
mandrake MDKSA-2001:036
netbsd NetBSD-SA2001-004
osvdb 805
sco
  • SSE073
  • SSE074
suse SuSE-SA:2001:10
xf ntpd-remote-bo(6321)
Last major update 10-10-2017 - 01:29
Published 18-06-2001 - 04:00
Last modified 10-10-2017 - 01:29
Back to Top