11 matches found
NTPd <= 4.2.0 Privilege Escalation Vulnerability
NTPd is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ntp:ntp"; ifdescription...
CentOS 4 : ntp (CESA-2006:0393)
Updated ntp packages that fix several bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The Network Time Protocol NTP is used to synchronize a computer's time with a reference time source. The NTP daemon ntpd, when run with the...
RHEL 4 : ntp (RHSA-2006:0393)
Updated ntp packages that fix several bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The Network Time Protocol NTP is used to synchronize a computer's time with a reference time source. The NTP daemon ntpd, when run with the...
MDKSA-2005:156 : ntp
When starting xntpd with the -u option and specifying the group by using a string not a numeric gid the daemon uses the gid of the user not the group. The updated packages have been patched to correct this problem. %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associate...
Fedora Core 3 : ntp-4.2.0.a.20040617-5.FC3 (2005-812)
When starting xntpd with the -u option and specifying the group by using a string not a numeric gid the daemon uses the gid of the user not the group. This problem is now fixed by this update. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2496 to this issue. Note tha...
Debian DSA-801-1 : ntp - programming error
SuSE developers discovered that ntp confuses the given group id with the group id of the given user when called with a group id on the commandline that is specified as a string and not as a numeric gid, which causes ntpd to run with different privileges than intended. %NASLMINLEVEL 70300 C Tenabl...
[SECURITY] [DSA 801-1] New ntp packages fix group id confusion
-------------------------------------------------------------------------- Debian Security Advisory DSA 801-1 [email protected] http://www.debian.org/security/ Martin Schulze September 5th, 2005 http://www.debian.org/security/faq -...
CVE-2005-2496
The xntpd ntp ntpd daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended...
CVE-2005-2496
The xntpd ntp ntpd daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended...
CVE-2005-2496
The xntpd ntp ntpd daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended...
CVE-2005-2496
CVE-2005-2496 affects the ntp (ntpd) daemon when run with the -u option and a group name string; it causes ntpd to use the user’s group ID instead of the specified group, leading to privilege differences. Affected product is ntp/ntpd prior to the patched releases (e.g., ntp updates cited in RHSA-...