Lucene search

[email protected]CVE-2005-2496

HistorySep 02, 2005 - 5:03 p.m.

CVE-2005-2496

2005-09-0217:03:00

[email protected]

web.nvd.nist.gov

cve-2005-2496

xntpd

ntp

daemon

privilege escalation

security

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

30.6%

JSON

The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended.

Affected configurations

NVD

Node

dave_millsntpdRange≤4.2.0.a.2004-06-17_4.fc3

CPENameOperatorVersion
dave_mills:ntpddave mills ntpdle4.2.0.a.2004-06-17_4.fc3

CPE	Name	Operator	Version
dave_mills:ntpd	dave mills ntpd	le	4.2.0.a.2004-06-17_4.fc3

References

secunia.com/advisories/16602

secunia.com/advisories/21464

securitytracker.com/id?1016679

www.debian.org/security/2005/dsa-801

www.mandriva.com/security/advisories?name=MDKSA-2005:156

www.osvdb.org/19055

www.redhat.com/support/errata/RHSA-2006-0393.html

www.securityfocus.com/bid/14673

www.securityspace.com/smysecure/catid.html?id=55155

www.vupen.com/english/advisories/2005/1561

exchange.xforce.ibmcloud.com/vulnerabilities/22035

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9669

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

30.6%

JSON

Related for CVE-2005-2496

nessus7 debiancve1 redhat1 openvas4 cvelist1 centos1 ubuntucve1 debian2 ubuntu1 osv1 nvd1