Network Time Protocol Daemon (ntpd) < 4.2.1 -u Group Permission Weakness Privilege Escalation

Medium Nessus Plugin ID 19517


The remote NTP server is affected by a privilege escalation vulnerability.


According to its version number, the NTP (Network Time Protocol) server running on the remote host is affected by a flaw that causes it to run with the permissions of a privileged user if a group name rather than a group ID is specified on the command line. A local attacker, who has managed to compromise the application through some other means, can exploit this issue to gain elevated privileges.


Upgrade to NTP version 4.2.1 or later. Alternatively, start ntpd with a group number.

See Also

Plugin Details

Severity: Medium

ID: 19517

File Name: ntp_incorrect_group_privs.nasl

Version: $Revision: 1.15 $

Type: remote

Family: Misc.

Published: 2005/08/29

Modified: 2016/12/07

Dependencies: 10884

Risk Information

Risk Factor: Medium


Base Score: 4.6

Temporal Score: 4

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:OF/RC:C


Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ntp:ntp

Required KB Items: NTP/Running, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2005/08/29

Reference Information

CVE: CVE-2005-2496

BID: 14673

OSVDB: 19055