Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2001-0414

Published: 18/06/2001 Updated: 10/10/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Ntpd

Vulnerability Summary

Buffer overflow in ntpd ntp daemon 4.0.99k and previous versions (aka xntpd and xntp3) allows remote malicious users to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.

Vulnerable Product Search on Vulmon Subscribe to Product

dave mills ntpd 4.0.99b

dave mills ntpd 4.0.99c

dave mills xntp3 5.93

dave mills xntp3 5.93a

dave mills ntpd 4.0.99

dave mills ntpd 4.0.99a

dave mills ntpd 4.0.99h

dave mills ntpd 4.0.99i

dave mills ntpd 4.0.99j

dave mills ntpd

dave mills ntpd 4.0.99f

dave mills ntpd 4.0.99g

dave mills xntp3 5.93d

dave mills xntp3 5.93e

dave mills ntpd 4.0.99d

dave mills ntpd 4.0.99e

dave mills xntp3 5.93b

dave mills xntp3 5.93c

Vendor Advisories

Debian Security Advisories: DSA-045-2 ntpd -- remote root exploit
Przemyslaw Frasunek <venglin@FREEBSDLUBLINPL> reported that ntp daemons such as that released with Debian GNU/Linux are vulnerable to a buffer overflow that can lead to a remote root exploit A previous advisory (DSA-045-1) partially addressed this issue, but introduced a potential denial of service attack This has been corrected for Debia ...
Cisco: NTP Vulnerability
Network Time Protocol (NTP) is used to synchronize time on multiple devices A vulnerability has been discovered in the NTP daemon query processing functionality This vulnerability has been publicly announced The following products are identified as affected by this vulnerability: All releases of Cisco IOS software Medi ...

Exploits

Exploit DB: NTPd - Remote Buffer Overflow
source: wwwsecurityfocuscom/bid/2540/info NTP, the Network Time Protocol, is used to synchronize the time between a computer and another system or time reference It uses UDP as a transport protocol There are two protocol versions in use: NTP v3 and NTP v4 The 'ntpd' daemon implementing version 3 is called 'xntp3'; the version implement ...
Exploit DB: NTP daemon readvar - Remote Buffer Overflow (Metasploit)
## # $Id: ntp_overflowrb 10150 2010-08-25 20:55:37Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class Me ...
Exploit DB: NTPd 4.0.99j-k readvar - Remote Buffer Overflow (Metasploit)
## # $Id$ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote include Msf: ...

References

NVD-CWE-Otherhttp://www.securityfocus.com/bid/2540http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-036.php3http://www.redhat.com/support/errata/RHSA-2001-045.htmlhttp://www.calderasystems.com/support/security/advisories/CSSA-2001-013.0.txtftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2001-004.txt.aschttp://lists.suse.com/archives/suse-security-announce/2001-Apr/0000.htmlhttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000392ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:31.ntpd.ascftp://ftp.sco.com/SSE/sse073.ltrftp://ftp.sco.com/SSE/sse074.ltrhttp://archives.neohapsis.com/archives/bugtraq/2001-04/0314.htmlhttp://archives.neohapsis.com/archives/bugtraq/2001-04/0127.htmlhttp://archives.neohapsis.com/archives/bugtraq/2001-04/0225.htmlhttp://www.osvdb.org/805http://marc.info/?l=bugtraq&m=98683952401753&w=2http://marc.info/?l=bugtraq&m=98654963328381&w=2http://marc.info/?l=bugtraq&m=98642418618512&w=2http://marc.info/?l=bugtraq&m=98684532921941&w=2http://marc.info/?l=bugtraq&m=98679815917014&w=2http://marc.info/?l=bugtraq&m=98659782815613&w=2http://marc.info/?l=bugtraq&m=98684202610470&w=2https://www.debian.org/security/2001/dsa-045https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3831https://exchange.xforce.ibmcloud.com/vulnerabilities/6321https://nvd.nist.govhttps://www.debian.org/security/./dsa-045https://www.exploit-db.com/exploits/20727/http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20020508-ntp-vulnerabilityhttps://www.kb.cert.org/vuls/id/970472
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook