4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
30.4%
CentOS Errata and Security Advisory CESA-2006:0393
The Network Time Protocol (NTP) is used to synchronize a computer’s time
with a reference time source.
The NTP daemon (ntpd), when run with the -u option and using a string to
specify the group, uses the group ID of the user instead of the group,
which causes ntpd to run with different privileges than intended.
(CVE-2005-2496)
The following issues have also been addressed in this update:
Users of ntp should upgrade to these updated packages, which resolve these
issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-August/075313.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075314.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075331.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075332.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075333.html
Affected packages:
ntp
Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0393
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | i386 | ntp | < 4.2.0.a.20040617-4.EL4.1 | ntp-4.2.0.a.20040617-4.EL4.1.i386.rpm |
CentOS | 4 | x86_64 | ntp | < 4.2.0.a.20040617-4.EL4.1 | ntp-4.2.0.a.20040617-4.EL4.1.x86_64.rpm |
CentOS | 4 | alpha | ntp | < 4.2.0.a.20040617-4.EL4.1 | ntp-4.2.0.a.20040617-4.EL4.1.alpha.rpm |
CentOS | 4 | ia64 | ntp | < 4.2.0.a.20040617-4.EL4.1 | ntp-4.2.0.a.20040617-4.EL4.1.ia64.rpm |
CentOS | 4 | s390 | ntp | < 4.2.0.a.20040617-4.EL4.1 | ntp-4.2.0.a.20040617-4.EL4.1.s390.rpm |
CentOS | 4 | s390x | ntp | < 4.2.0.a.20040617-4.EL4.1 | ntp-4.2.0.a.20040617-4.EL4.1.s390x.rpm |