Vulnerabilities > CVE-2001-0414 - Remote Buffer Overflow vulnerability in Dave Mills Ntpd and Xntp3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.
Vulnerable Configurations
Exploit-Db
description Ntpd Remote Buffer Overflow Vulnerability. CVE-2001-0414 . Remote exploit for linux platform id EDB-ID:20727 last seen 2016-02-02 modified 2001-04-04 published 2001-04-04 reporter babcia padlina ltd source https://www.exploit-db.com/download/20727/ title Ntpd Remote Buffer Overflow Vulnerability description ntpd 4.0.99j-k readvar Buffer Overflow. CVE-2001-0414. Remote exploit for linux platform id EDB-ID:9940 last seen 2016-02-01 modified 2001-04-04 published 2001-04-04 reporter patrick source https://www.exploit-db.com/download/9940/ title ntpd 4.0.99j-k readvar - Buffer Overflow description NTP daemon readvar Buffer Overflow. CVE-2001-0414. Remote exploit for linux platform id EDB-ID:16285 last seen 2016-02-01 modified 2010-08-25 published 2010-08-25 reporter metasploit source https://www.exploit-db.com/download/16285/ title NTP daemon readvar Buffer Overflow
Metasploit
| description | This module exploits a stack based buffer overflow in the ntpd and xntpd service. By sending an overly long 'readvar' request it is possible to execute code remotely. As the stack is corrupted, this module uses the Egghunter technique. |
| id | MSF:EXPLOIT/MULTI/NTP/NTP_OVERFLOW |
| last seen | 2020-06-07 |
| modified | 1976-01-01 |
| published | 1976-01-01 |
| references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0414 |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/ntp/ntp_overflow.rb |
| title | NTP Daemon readvar Buffer Overflow |
Nessus
NASL family CISCO NASL id CSCDT93866.NASL description By sending a crafted NTP control packet, it is possible to trigger a buffer overflow in the NTP daemon. This vulnerability can be exploited remotely. The successful exploitation may cause arbitrary code to be executed on the target machine. This vulnerability is documented as Cisco Bug ID CSCdt93866. An attacker may use this flaw to execute arbitrary code on the remote host (although it last seen 2020-03-28 modified 2002-06-05 plugin id 10982 published 2002-06-05 reporter This script is Copyright (C) 2002-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/10982 title Cisco NTP ntpd readvar Variable Remote Overflow (CSCdt93866) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-045.NASL description Przemyslaw Frasunek <[email protected]> reported that ntp daemons such as that released with Debian GNU/Linux are vulnerable to a buffer overflow that can lead to a remote root exploit. A previous advisory (DSA-045-1) partially addressed this issue, but introduced a potential denial of service attack. This has been corrected for Debian 2.2 (potato) in ntp version 4.0.99g-2potato2. last seen 2020-06-01 modified 2020-06-02 plugin id 14882 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14882 title Debian DSA-045-2 : ntpd - remote root exploit NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2001-036.NASL description Przemyslaw Frasunek <[email protected]> reported that ntp daemons such as ntp and xntp3 are vulnerable to a buffer overflow that can lead to a remote root exploit. Linux-Mandrake users are urged to upgrade ntp and xntp3 immediately. last seen 2020-06-01 modified 2020-06-02 plugin id 61909 published 2012-09-06 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61909 title Mandrake Linux Security Advisory : ntp (MDKSA-2001:036) NASL family CISCO NASL id CISCO-SA-20020508-NTP-VULNERABILITYHTTP.NASL description Network Time Protocol (NTP) is used to synchronize time on multiple devices. A vulnerability has been discovered in the NTP daemon query processing functionality. This vulnerability has been publicly announced. Other Cisco software applications may run on Solaris platforms and where those products have not specifically been identified, customers should install security patches regularly in accordance with their normal maintenance procedures. Cisco is continuing to research this issue in other products that may be affected. Unless explicitly stated otherwise, all other products are considered to be unaffected. There are workarounds available to mitigate the effects. last seen 2020-06-01 modified 2020-06-02 plugin id 48965 published 2010-09-01 reporter This script is (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/48965 title NTP Vulnerability - Cisco Systems NASL family Gain a shell remotely NASL id NTP_OVERFLOW.NASL description The remote NTP server is affected by a buffer overflow condition due to improper bounds checking on the last seen 2020-06-01 modified 2020-06-02 plugin id 10647 published 2001-04-10 reporter This script is Copyright (C) 2001-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/10647 title Network Time Protocol Daemon (ntpd) readvar Variable Overflow RCE
Oval
| accepted | 2005-06-01T03:30:00.000-04:00 | ||||
| class | vulnerability | ||||
| contributors |
| ||||
| description | Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument. | ||||
| family | unix | ||||
| id | oval:org.mitre.oval:def:3831 | ||||
| status | accepted | ||||
| submitted | 2005-04-13T12:00:00.000-04:00 | ||||
| title | Buffer Overflow in ntp Daemon via readvar | ||||
| version | 35 |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/82268/ntp_overflow.rb.txt |
| id | PACKETSTORM:82268 |
| last seen | 2016-12-05 |
| published | 2009-10-27 |
| reporter | patrick |
| source | https://packetstormsecurity.com/files/82268/NTPd-Buffer-Overflow.html |
| title | NTPd Buffer Overflow |
Redhat
| advisories |
|
References
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:31.ntpd.asc
- ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2001-004.txt.asc
- ftp://ftp.sco.com/SSE/sse073.ltr
- ftp://ftp.sco.com/SSE/sse074.ltr
- http://archives.neohapsis.com/archives/bugtraq/2001-04/0127.html
- http://archives.neohapsis.com/archives/bugtraq/2001-04/0225.html
- http://archives.neohapsis.com/archives/bugtraq/2001-04/0314.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000392
- http://lists.suse.com/archives/suse-security-announce/2001-Apr/0000.html
- http://marc.info/?l=bugtraq&m=98642418618512&w=2
- http://marc.info/?l=bugtraq&m=98654963328381&w=2
- http://marc.info/?l=bugtraq&m=98659782815613&w=2
- http://marc.info/?l=bugtraq&m=98679815917014&w=2
- http://marc.info/?l=bugtraq&m=98683952401753&w=2
- http://marc.info/?l=bugtraq&m=98684202610470&w=2
- http://marc.info/?l=bugtraq&m=98684532921941&w=2
- http://www.calderasystems.com/support/security/advisories/CSSA-2001-013.0.txt
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-036.php3
- http://www.osvdb.org/805
- http://www.redhat.com/support/errata/RHSA-2001-045.html
- http://www.securityfocus.com/bid/2540
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6321
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3831
- https://www.debian.org/security/2001/dsa-045