Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.6
CVSSv2

CVE-2005-2496

Published: 02/09/2005 Updated: 11/10/2017
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Ntpd

Vulnerability Summary

The xntpd ntp (ntpd) daemon prior to 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended.

Vulnerable Product Search on Vulmon Subscribe to Product

dave mills ntpd

Vendor Advisories

Ubuntu Security Notice: ntp vulnerability
Thomas Biege discovered a flaw in the privilege dropping of the NTP server When ntpd was configured to drop root privileges, and the group to run under was specified as a name (as opposed to a numeric group ID), ntpd changed to the wrong group Depending on the actual group it changed to, this could either cause non-minimal privileges, or a malfun ...
Debian Security Advisories: DSA-801-1 ntp -- programming error
SuSE developers discovered that ntp confuses the given group id with the group id of the given user when called with a group id on the commandline that is specified as a string and not as a numeric gid, which causes ntpd to run with different privileges than intended The old stable distribution (woody) is not affected by this problem For the stab ...

References

NVD-CWE-Otherhttp://www.securityspace.com/smysecure/catid.html?id=55155http://secunia.com/advisories/16602http://www.mandriva.com/security/advisories?name=MDKSA-2005:156http://www.debian.org/security/2005/dsa-801http://www.securityfocus.com/bid/14673http://www.redhat.com/support/errata/RHSA-2006-0393.htmlhttp://secunia.com/advisories/21464http://www.osvdb.org/19055http://securitytracker.com/id?1016679http://www.vupen.com/english/advisories/2005/1561https://exchange.xforce.ibmcloud.com/vulnerabilities/22035https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9669https://usn.ubuntu.com/175-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002CVE-2006-4304CVE-2024-4336CVE-2024-33437CVE-2024-4340CVE-2024-27956privilegeinsecure direct object referenceXSSitem search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook