Vulnerability Name: CVE-2001-0414 (CCN-6321) Assigned: 2001-04-04 Published: 2001-04-04 Updated: 2017-10-10 Summary: Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument. CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C 7.8 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C 7.8 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-Other Vulnerability Consequences: Gain Access References: Source: CCNntpd contains potential remote compromise FreeBSD-SA-01:31 NetBSD-SA2001-004 remote root exploit in ntpd SCO OpenServer NTP buffer overflow fix SSE073 SSE074 ntpd =< 4.0.99k remote buffer overflow Re: ntpd =< 4.0.99k remote buffer overflow NTP remote buffer overflow ntp-4.99k23.tar.gz is available ntpd remote buffer overflow ntpd - new Debian 2.2 (potato) version is also vulnerable 20010409 [ESA-20010409-01] xntp buffer overflow xntp3 Xntpd xntp IOS and NTP 20010413 PROGENY-SA-2001-02A: [UPDATE] ntpd remote buffer overflow 20010418 IBM MSS Outside Advisory Redistribution: IBM AIX: Buffer Overflow Vulnerability in (x)ntp ntp and xntp3 xntpd potential buffer overflow CVE-2001-0414 CLA-2001:392 xntp3 Sec. Vulnerability in xntpd(1M) (revised 02) SuSE-SA:2001:10 20010404 ntpd =< 4.0.99k remote buffer overflow 20010405 Re: ntpd =< 4.0.99k remote buffer overflow] 20010406 Immunix OS Security update for ntp and xntp3 20010408 [slackware-security] buffer overflow fix for NTP 20010409 ntp-4.99k23.tar.gz is available 20010409 PROGENY-SA-2001-02: ntpd remote buffer overflow 20010409 ntpd - new Debian 2.2 (potato) version is also vulnerable Network Time Daemon (ntpd) has potential remote root exploit xntpd CSSA-2001-013 Network Time Protocol (NTP) Vulnerabilities NTP Vulnerability ntpd -- remote root exploit Tim Synchronization Server Network Time Protocol ([x]ntpd) daemon contains buffer overflow in ntp_control:ctl_getitem() function MDKSA-2001:036 805 NTP ntpd readvar Variable Remote Overflow RHSA-2001:045 2540 Ntpd Remote Buffer Overflow Vulnerability buffer overflow fix for NTP ntp/xntp3 ntpd-remote-bo(6321) ntpd-remote-bo(6321) oval:org.mitre.oval:def:3831 DSA-045 Vulnerable Configuration: Configuration 1 :cpe:/a:dave_mills:ntpd:4.0.99:*:*:*:*:*:*:* OR cpe:/a:dave_mills:ntpd:4.0.99a:*:*:*:*:*:*:* OR cpe:/a:dave_mills:ntpd:4.0.99b:*:*:*:*:*:*:* OR cpe:/a:dave_mills:ntpd:4.0.99c:*:*:*:*:*:*:* OR cpe:/a:dave_mills:ntpd:4.0.99d:*:*:*:*:*:*:* OR cpe:/a:dave_mills:ntpd:4.0.99e:*:*:*:*:*:*:* OR cpe:/a:dave_mills:ntpd:4.0.99f:*:*:*:*:*:*:* OR cpe:/a:dave_mills:ntpd:4.0.99g:*:*:*:*:*:*:* OR cpe:/a:dave_mills:ntpd:4.0.99h:*:*:*:*:*:*:* OR cpe:/a:dave_mills:ntpd:4.0.99i:*:*:*:*:*:*:* OR cpe:/a:dave_mills:ntpd:4.0.99j:*:*:*:*:*:*:* OR cpe:/a:dave_mills:ntpd:*:*:*:*:*:*:*:* (Version <= 4.0.99k) OR cpe:/a:dave_mills:xntp3:5.93:*:*:*:*:*:*:* OR cpe:/a:dave_mills:xntp3:5.93a:*:*:*:*:*:*:* OR cpe:/a:dave_mills:xntp3:5.93b:*:*:*:*:*:*:* OR cpe:/a:dave_mills:xntp3:5.93c:*:*:*:*:*:*:* OR cpe:/a:dave_mills:xntp3:5.93d:*:*:*:*:*:*:* OR cpe:/a:dave_mills:xntp3:5.93e:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/o:freebsd:freebsd:3.0:*:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:3.1:*:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:3.2:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:6.2:*:*:*:*:*:*:* OR cpe:/o:ibm:aix:4.3:*:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:3.3:-:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:6.0:*:*:*:*:*:*:* OR cpe:/o:ibm:aix:4.3.2:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:3.4:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:6.3:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:6.4:*:*:*:*:*:*:* OR cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:* OR cpe:/o:slackware:slackware_linux:7.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:6.1:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:3.5:*:*:*:*:*:*:* OR cpe:/a:connectiva:linux:-:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:6.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:6.1:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:* OR cpe:/o:netbsd:netbsd:1.4:*:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.1:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:* OR cpe:/o:netbsd:netbsd:1.5:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:7.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:* OR cpe:/o:freebsd:freebsd:4.2:*:*:*:*:*:*:* OR cpe:/o:trustix:secure_linux:-:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:7.1:*:*:*:*:*:*:* OR cpe:/o:slackware:slackware_linux:7.1:*:*:*:*:*:*:* OR cpe:/o:engardelinux:secure_community:1.0.1:*:*:*:*:*:*:* OR cpe:/o:ibm:aix:5.1:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:* OR cpe:/o:ibm:aix:4.3.3:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:* OR cpe:/o:ibm:aix:4.3.1:*:*:*:*:*:*:* Oval Definitions BACK
dave_mills ntpd 4.0.99
dave_mills ntpd 4.0.99a
dave_mills ntpd 4.0.99b
dave_mills ntpd 4.0.99c
dave_mills ntpd 4.0.99d
dave_mills ntpd 4.0.99e
dave_mills ntpd 4.0.99f
dave_mills ntpd 4.0.99g
dave_mills ntpd 4.0.99h
dave_mills ntpd 4.0.99i
dave_mills ntpd 4.0.99j
dave_mills ntpd *
dave_mills xntp3 5.93
dave_mills xntp3 5.93a
dave_mills xntp3 5.93b
dave_mills xntp3 5.93c
dave_mills xntp3 5.93d
dave_mills xntp3 5.93e
freebsd freebsd 3.0
freebsd freebsd 3.1
freebsd freebsd 3.2
suse suse linux 6.2
ibm aix 4.3
freebsd freebsd 3.3 -
suse suse linux 6.0
ibm aix 4.3.2
redhat linux 6.2
freebsd freebsd 3.4
suse suse linux 6.3
suse suse linux 6.4
debian debian linux 2.2
slackware slackware linux 7.0
mandrakesoft mandrake linux 7.0
suse suse linux 6.1
mandrakesoft mandrake linux 7.1
freebsd freebsd 3.5
connectiva linux -
mandrakesoft mandrake linux 6.0
mandrakesoft mandrake linux 6.1
redhat linux 7
netbsd netbsd 1.4
freebsd freebsd 4.1
mandrakesoft mandrake linux 7.2
netbsd netbsd 1.5
suse suse linux 7.0
mandrakesoft mandrake linux corporate server 1.0.1
freebsd freebsd 4.2
trustix secure linux -
suse suse linux 7.1
slackware slackware linux 7.1
engardelinux secure community 1.0.1
ibm aix 5.1
redhat linux 7.1
ibm aix 4.3.3
redhat linux 7.2
redhat linux 7.3
ibm aix 4.3.1
Denotes that component is vulnerable