Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2001-0414

Disclosure Date: June 18, 2001
CVE-2001-0414
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
exploit/multi/ntp/ntp_overflow
Reporter
Unknown

Vendors

  • dave mills

Products

  • ntpd,
  • ntpd 4.0.99,
  • ntpd 4.0.99a,
  • ntpd 4.0.99b,
  • ntpd 4.0.99c,
  • ntpd 4.0.99d,
  • ntpd 4.0.99e,
  • ntpd 4.0.99f,
  • ntpd 4.0.99g,
  • ntpd 4.0.99h,
  • ntpd 4.0.99i,
  • ntpd 4.0.99j,
  • xntp3 5.93,
  • xntp3 5.93a,
  • xntp3 5.93b,
  • xntp3 5.93c,
  • xntp3 5.93d,
  • xntp3 5.93e

References

Canonical
CVE-2001-0414 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0414)
BID-2540 (http://www.securityfocus.com/bid/2540)
Advisory
http://www.redhat.com/support/errata/RHSA-2001-045.html
http://lists.suse.com/archives/suse-security-announce/2001-Apr/0000.html
20010409 [ESA-20010409-01] xntp buffer overflow (http://archives.neohapsis.com/archives/bugtraq/2001-04/0127.html)
20010409 ntp-4.99k23.tar.gz is available (http://marc.info?l=bugtraq&m=98683952401753&w=2)
20010404 ntpd =< 4.0.99k remote buffer overflow (http://marc.info?l=bugtraq&m=98642418618512&w=2)
OSVDB-805 (http://www.osvdb.org/805)
20010409 ntpd - new Debian 2.2 (potato) version is also vulnerable (http://marc.info?l=bugtraq&m=98684532921941&w=2)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3831
20010406 Immunix OS Security update for ntp and xntp3 (http://marc.info?l=bugtraq&m=98659782815613&w=2)
20010405 Re: ntpd =< 4.0.99k remote buffer overflow] (http://marc.info?l=bugtraq&m=98654963328381&w=2)
20010413 PROGENY-SA-2001-02A: [UPDATE] ntpd remote buffer overflow (http://archives.neohapsis.com/archives/bugtraq/2001-04/0225.html)
20010408 [slackware-security] buffer overflow fix for NTP (http://marc.info?l=bugtraq&m=98679815917014&w=2)
20010418 IBM MSS Outside Advisory Redistribution: IBM AIX: Buffer Overflow Vulnerability in (x)ntp (http://archives.neohapsis.com/archives/bugtraq/2001-04/0314.html)
20010409 PROGENY-SA-2001-02: ntpd remote buffer overflow (http://marc.info?l=bugtraq&m=98684202610470&w=2)
DSA-045 (https://www.debian.org/security/2001/dsa-045)
XF-ntpd-remote-bo(6321) (https://exchange.xforce.ibmcloud.com/vulnerabilities/6321)
Miscellaneous
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-036.php3
http://distro.conectiva.com.br/atualizacoes?id=a&anuncio=000392
CSSA-2001-013 (http://www.calderasystems.com/support/security/advisories/CSSA-2001-013.0.txt)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis