remote root compromise in xntp

2016-04-0922:30:00

lists.opensuse.org

0.968 High

EPSS

Percentile

99.7%

JSON

xntp is the network time protocol package widely used with many unix and linux systems for system time synchronization over a network. An exploit published by Przemyslaw Frasunek demonstrates a buffer overflow in the control request parsing code. The exploit allows a remote attacker to execute arbitrary commands as root. All versions as shipped with SuSE Linux are affected by the buffer overflow problem.

OSVersionArchitecturePackageVersionFilename
openSUSE6.1alphaxntp< 4.0.92c-40xntp-4.0.92c-40.alpha.rpm
openSUSE6.2i386xntp< 4.0.93a-18xntp-4.0.93a-18.i386.rpm
openSUSE7.1i386xntp< 4.0.99f-34xntp-4.0.99f-34.i386.rpm
openSUSE7.0i386xntp< 4.0.99f-37xntp-4.0.99f-37.i386.rpm
openSUSE6.4ppcxntp< 4.0.99f-21xntp-4.0.99f-21.ppc.rpm
openSUSE6.3i386xntp< 4.0.98d-1xntp-4.0.98d-1.i386.rpm
openSUSE7.0alphaxntp< 4.0.99f-22xntp-4.0.99f-22.alpha.rpm
openSUSE6.4alphaxntp< 4.0.99f-22xntp-4.0.99f-22.alpha.rpm
openSUSE6.3alphaxntp< 4.0.98d-1xntp-4.0.98d-1.alpha.rpm
openSUSE7.0ppcxntp< 4.0.99f-21xntp-4.0.99f-21.ppc.rpm

OS	Version	Architecture	Package	Version	Filename
openSUSE	6.1	alpha	xntp	< 4.0.92c-40	xntp-4.0.92c-40.alpha.rpm
openSUSE	6.2	i386	xntp	< 4.0.93a-18	xntp-4.0.93a-18.i386.rpm
openSUSE	7.1	i386	xntp	< 4.0.99f-34	xntp-4.0.99f-34.i386.rpm
openSUSE	7.0	i386	xntp	< 4.0.99f-37	xntp-4.0.99f-37.i386.rpm
openSUSE	6.4	ppc	xntp	< 4.0.99f-21	xntp-4.0.99f-21.ppc.rpm
openSUSE	6.3	i386	xntp	< 4.0.98d-1	xntp-4.0.98d-1.i386.rpm
openSUSE	7.0	alpha	xntp	< 4.0.99f-22	xntp-4.0.99f-22.alpha.rpm
openSUSE	6.4	alpha	xntp	< 4.0.99f-22	xntp-4.0.99f-22.alpha.rpm
openSUSE	6.3	alpha	xntp	< 4.0.98d-1	xntp-4.0.98d-1.alpha.rpm
openSUSE	7.0	ppc	xntp	< 4.0.99f-21	xntp-4.0.99f-21.ppc.rpm

Rows per page:

1-10 of 131

0.968 High

EPSS

Percentile

99.7%

JSON

Related for SUSE-SA:2001:10