Network Time Protocol Daemon (ntpd) < 4.2.1 -u Group Permission Weakness Privilege Escalation

high Nessus Plugin ID 19517

Synopsis

The remote NTP server is affected by a privilege escalation vulnerability.

Description

According to its version number, the NTP (Network Time Protocol) server running on the remote host is affected by a flaw that causes it to run with the permissions of a privileged user if a group name rather than a group ID is specified on the command line. A local attacker who has managed to compromise the application through some other means can exploit this issue to gain elevated privileges.

Solution

Upgrade to NTP version 4.2.1 or later. Alternatively, start ntpd with a numeric group ID rather than a group name.
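
The workaround can be audited from process command lines. The following is an added example, not part of the Nessus plugin or the NTP project: it classifies the argument given to ntpd's `-u` option (`-u user[:group]`) and reports invocations where the group is given as a name rather than a number. The sample command lines are constructed, the function names are hypothetical, and only the `-u VALUE` and `-uVALUE` spellings are handled.

```python
import os

# Constructed sample command lines (not taken from any real host).
SAMPLE_CMDLINES = [
    ["/usr/sbin/ntpd", "-p", "/var/run/ntpd.pid", "-u", "ntp:ntp"],
    ["/usr/sbin/ntpd", "-g", "-u", "ntp:123"],
    ["/usr/sbin/ntpd", "-untp"],
]

def user_option(argv):
    """Return the value passed to -u ("-u VALUE" or "-uVALUE"), else None."""
    value, args = None, iter(argv[1:])
    for arg in args:
        if arg == "-u":
            value = next(args, None)
        elif arg.startswith("-u"):
            value = arg[2:]
    return value

def classify(argv):
    """Return "no-u", "user-only", "group-id" or "group-name" for one argv."""
    value = user_option(argv)
    if value is None:
        return "no-u"
    _user, sep, group = value.partition(":")
    if not sep or not group:
        return "user-only"
    # A numeric group is the workaround form; anything else is a group name.
    return "group-id" if group.isascii() and group.isdigit() else "group-name"

def audit(cmdlines):
    """Return the command lines (joined) that pass a group name to -u."""
    return [" ".join(a) for a in cmdlines if classify(a) == "group-name"]

def running_ntpd_cmdlines(proc="/proc"):
    """Read argv of running ntpd processes from /proc (Linux only)."""
    found = []
    for pid in filter(str.isdigit, os.listdir(proc) if os.path.isdir(proc) else []):
        try:
            with open(os.path.join(proc, pid, "cmdline"), "rb") as fh:
                argv = fh.read().decode(errors="replace").rstrip("\0").split("\0")
        except OSError:
            continue
        if os.path.basename(argv[0]) == "ntpd":
            found.append(argv)
    return found

if __name__ == "__main__":
    for line in audit(running_ntpd_cmdlines() or SAMPLE_CMDLINES):
        print("group given by name, check ntpd version:", line)
```

A hit only shows that the group was passed by name; whether the host is affected still depends on the installed ntpd being older than 4.2.1.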

See Also

http://bugs.ntp.org/show_bug.cgi?id=392

Plugin Details

Severity: High

ID: 19517

File Name: ntp_incorrect_group_privs.nasl

Version: 1.16

Type: remote

Family: Misc.

Published: 8/29/2005

Updated: 7/16/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ntp:ntp

Required KB Items: Settings/ParanoidReport, NTP/Running

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 8/29/2005

Reference Information

CVE: CVE-2005-2496

BID: 14673