NTP ntpd readvar Variable Remote Overflow

2001-04-04T00:00:00
ID OSVDB:805
Type osvdb
Reporter Przemyslaw Frasunek(venglin@freebsd.lublin.pl)
Modified 2001-04-04T00:00:00

Description

Vulnerability Description

A remote overflow exists in the Network Time Protocol Daemon (ntpd). The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, containing an overly long 'readvar' argument a remote attacker can gain access to root privileges resulting in a loss of integrity.

Solution Description

Contact your vendor for an appropriate upgrade. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in the Network Time Protocol Daemon (ntpd). The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, containing an overly long 'readvar' argument a remote attacker can gain access to root privileges resulting in a loss of integrity.

References:

Vendor URL: http://www.slackware.com/ Vendor URL: http://www.debian.org/ Vendor URL: http://www.engardelinux.org/modules/index/index.cgi Vendor URL: http://www.sco.com/ Vendor URL: http://www.progeny.com/ Vendor URL: http://www.ibm.com/us/ Vendor URL: http://wwwnew.mandriva.com/ Vendor URL: http://www.trustix.com/ Vendor URL: http://www.freebsd.org/ Vendor URL: http://www.novell.com/ Vendor URL: http://www.cisco.com/ Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL RedHat RHSA: RHSA-2001:045-05 Nessus Plugin ID:10982 Nessus Plugin ID:10647 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-04/0041.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-04/0046.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-04/0120.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0345.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-04/0212.html ISS X-Force ID: 6321 CVE-2001-0414 CERT VU: 970472 Bugtraq ID: 2540