805 : NTP ntpd readvar Variable Remote Overflow
Printer | http://osvdb.org/805 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
13	2154	over 9 years ago	about 1 year ago	3 times	90%

Timeline

Disclosure Date	Exploit Publish Date
2001-04-04	2001-04-04

Description

A remote overflow exists in the Network Time Protocol Daemon (ntpd). The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, containing an overly long 'readvar' argument a remote attacker can gain access to root privileges resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified

Solution

Contact your vendor for an appropriate upgrade. An upgrade is required as there are no known workarounds.

Products

Cisco Systems, Inc.	Cisco IOS	10.3
		11.0
		11.1
		11.1AA
		11.1CA
		11.1CC
		11.1CT
		11.1IA
		11.2
		11.2BC
		11.2F
		11.2GS
		11.2P
		11.2SA
		11.2SWA4
		11.2XA
		11.3
		11.3AA
		11.3DA
		11.3DB
		11.3HA
		11.3MA
		11.3NA
		11.3T
		11.3XA
		11.3WA4
		12.0
		12.0DA
		12.0DB
		12.0DC
		12.0S
		12.0SC
		12.0SL
		12.0SP
		12.0ST
		12.0SY
		12.0T
		12.0W
		12.0WC
		12.0WT
		12.0XA
		12.0XB
		12.0XC
		12.0XD
		12.0XE
		12.0XF
		12.0XG
		12.0XH
		12.0XI
		12.0XJ
		12.0(5)XK
		12.0(7)XK
		12.0XL
		12.0XM
		12.0XN
		12.0XP
		12.0XQ
		12.0XR
		12.0XS
		12.0XU
		12.0XV
		12.1
		12.1AA
		12.1DA
12.1DB
12.1DC
12.1E
12.1EA
12.1EC
12.1EV
12.1EW
12.1(1)EX
12.1(10)EX
12.1EY
12.1EZ
12.1T
12.1XA
12.1XB
12.1XC
12.1XD
12.1XF
12.1XG
12.1XH
12.1XI
12.1XJ
12.1XK
12.1XL
12.1XM
12.1XP
12.1XQ
12.1XR
12.1XS
12.1XT
12.1XU
12.1XV
12.1XW
12.1XX
12.1XY
12.1XZ
12.1YA
12.1YB
12.1YC
12.1YD
12.1YF
12.2
12.2B
12.2BX
12.2BW
12.2DA
12.2S
12.2T
12.2XA
12.2XB
12.2XD
12.2XE
12.2XQ
12.2XZ
12.2YA
12.2YC
12.2ZN

FreeBSD Project	FreeBSD	3.5-STABLE
		4.2-STABLE

Mandriva	Corporate Server	1.0.1
	Mandriva Linux	6.0
		6.1
		7.0
		7.1
		7.2

SCO Group, Inc.	OpenLinux	2.3
	OpenServer	5.0.6
	OpenServer	5.0.0
	OpenLinux eServer	2.3.1
	OpenLinux eDesktop	2.4

Novell, Inc.	SUSE LINUX	6.0
		6.1
		6.2
		6.3
		6.4
		7.0
		7.1
	Immunix OS	7.0
		7.0-Beta
		6.2

Slackware Linux, Inc.

Slackware

7.1

Progeny

Progeny Debian

4.0.99k

Debian

Debian Linux

2.2

International Business Machines Corporation	AIX	5.1
		4.3.x

Comodo	Trustix Secure Linux	1.0.1
		1.1
		1.2

Guardian Digital, Inc.

EnGarde Secure Linux

1.0.1

References

Tools & Filters

	10647 10982 12927 13039 13164 13268 13325 13434 14882
Snort	312

Credit

Przemyslaw Frasunek - venglinfreebsd.lublin.pl - Przemyslaw Frasunek

CVSSv2 Score

CVSSv2 Base Score = 10.0
Source: nvd.nist.gov | Generated: 2003-12-31 | Disagree?

Blogs

This product uses the Daylife API but is not endorsed or certified by Daylife.

This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Timeline

Description

Classification

Solution

Products

Cisco IOS

FreeBSD

Corporate Server

Mandriva Linux

OpenLinux

OpenServer

OpenLinux eServer

OpenLinux eDesktop

SUSE LINUX

Immunix OS