Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2496

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2005-2496
Last Modified 07 Mar 2011 09:24:36
Published 02 Sep 2005 01:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-2496

Summary

The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended.

Vulnerable Systems

Application

  • Dave Mills Ntpd 4.2.0.a.2004-06-17 4.fc3


References

XF - ntp-incorrect-group-permissions(22035)

VUPEN - ADV-2005-1561

FEDORA - FEDORA-2005-812

SECUNIA - 16602

BID - 14673

REDHAT - RHSA-2006:0393

OSVDB - 19055

MANDRAKE - MDKSA-2005:156

DEBIAN - DSA-801

SECTRACK - 1016679

SECUNIA - 21464


Last Updated: 27 May 2016 10:40:32