Vulnerability Description
The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dave Mills | Ntpd | <= 4.2.0.a.2004-06-17_4.fc3 |
References
- http://secunia.com/advisories/16602Vendor Advisory
- http://secunia.com/advisories/21464
- http://securitytracker.com/id?1016679
- http://www.debian.org/security/2005/dsa-801
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:156
- http://www.osvdb.org/19055
- http://www.redhat.com/support/errata/RHSA-2006-0393.html
- http://www.securityfocus.com/bid/14673
- http://www.securityspace.com/smysecure/catid.html?id=55155Vendor Advisory
- http://www.vupen.com/english/advisories/2005/1561
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22035
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://secunia.com/advisories/16602Vendor Advisory
- http://secunia.com/advisories/21464
- http://securitytracker.com/id?1016679
FAQ
What is CVE-2005-2496?
CVE-2005-2496 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with diffe...
How severe is CVE-2005-2496?
CVE-2005-2496 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2496?
Check the references section above for vendor advisories and patch information. Affected products include: Dave Mills Ntpd.