Vulnerability Details CVE-2005-2496
The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.2%
CVSS Severity
CVSS v2 Score 4.6
References
- http://secunia.com/advisories/16602
- http://secunia.com/advisories/21464
- http://securitytracker.com/id?1016679
- http://www.debian.org/security/2005/dsa-801
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:156
- http://www.osvdb.org/19055
- http://www.redhat.com/support/errata/RHSA-2006-0393.html
- http://www.securityfocus.com/bid/14673
- http://www.securityspace.com/smysecure/catid.html?id=55155
- http://www.vupen.com/english/advisories/2005/1561
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22035
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9669
- http://secunia.com/advisories/16602
- http://secunia.com/advisories/21464
- http://securitytracker.com/id?1016679
- http://www.debian.org/security/2005/dsa-801
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:156
- http://www.osvdb.org/19055
- http://www.redhat.com/support/errata/RHSA-2006-0393.html
- http://www.securityfocus.com/bid/14673
- http://www.securityspace.com/smysecure/catid.html?id=55155
- http://www.vupen.com/english/advisories/2005/1561
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22035
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9669
Products affected by CVE-2005-2496
-
cpe:2.3:a:dave_mills:ntpd:*