Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2021 Greenbone AGOPENVAS:1361412562310150695
HistoryJun 21, 2021 - 12:00 a.m.

NTP < 4.0 Integer Overflow or Wraparound Vulnerability

2021-06-2100:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org
1

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.7%

JSON

Integer overflow in the NTP daemon (NTPd) before 4.0 causes the
NTP server to return the wrong date/time offset when a client requests a date/time that is more
than 34 years away from the server

# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:ntp:ntp";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.150695");
  script_version("2024-02-20T05:05:48+0000");
  script_tag(name:"last_modification", value:"2024-02-20 05:05:48 +0000 (Tue, 20 Feb 2024)");
  script_tag(name:"creation_date", value:"2021-06-21 09:34:21 +0000 (Mon, 21 Jun 2021)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:P/A:N");

  script_cve_id("CVE-2004-0657");

  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("NTP < 4.0 Integer Overflow or Wraparound Vulnerability");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2021 Greenbone AG");
  script_family("General");
  script_dependencies("ntp_open.nasl", "gb_ntp_detect_lin.nasl");
  script_mandatory_keys("ntpd/version/detected");

  script_tag(name:"summary", value:"Integer overflow in the NTP daemon (NTPd) before 4.0 causes the
  NTP server to return the wrong date/time offset when a client requests a date/time that is more
  than 34 years away from the server's time.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Please see the references for more information on the vulnerabilities.");

  script_tag(name:"affected", value:"NTPd version prior to 4.0.");

  script_tag(name:"solution", value:"Update to version 4.0 or later.");

  script_xref(name:"URL", value:"http://support.ntp.org/bin/view/Main/SecurityNotice#July_1999_Internal_overflow_if_d");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (isnull(port = get_app_port(cpe: CPE)))
  exit(0);

if (!infos = get_app_full(cpe: CPE, port: port, exit_no_version: TRUE))
  exit(0);

version = infos["version"];
location = infos["location"];
proto = infos["proto"];

if (version_is_less(version: version, test_version: "4.0")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "4.0", install_path: location);
  security_message(port: port, proto: proto, data: report);
  exit(0);
}

exit(99);

Related

debiancve 1
redhatcve 1
cvelist 1
nvd 1
cve 1
debiancve
debiancve
CVE-2004-0657
2004-08-06 04:00:00
redhatcve
redhatcve
CVE-2004-0657
2020-06-24 13:50:37
cvelist
cvelist
CVE-2004-0657
2004-07-13 04:00:00
nvd
nvd
CVE-2004-0657
2004-08-06 04:00:00
cve
cve
CVE-2004-0657
2004-08-06 04:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.7%

JSON
Related for OPENVAS:1361412562310150695
debiancve1redhatcve1cvelist1nvd1cve1