Privilege escalation : NTPd <= 4.2.0 Privilege Escalation Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.146237

Categoría: Privilege escalation

Título: NTPd <= 4.2.0 Privilege Escalation Vulnerability

Resumen: NTPd is prone to a privilege escalation vulnerability.

Descripción: Summary:
NTPd is prone to a privilege escalation vulnerability.

Vulnerability Insight:
The xntpd ntp (ntpd) daemon, when run with the -u option and
using a string to specify the group, uses the group ID of the user instead of the group, which
causes xntpd to run with different privileges than intended.

Solution:
See the referenced vendor advisory.

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-2496
1016679
http://securitytracker.com/id?1016679
14673
http://www.securityfocus.com/bid/14673
16602
http://secunia.com/advisories/16602
19055
http://www.osvdb.org/19055
21464
http://secunia.com/advisories/21464
ADV-2005-1561
http://www.vupen.com/english/advisories/2005/1561
DSA-801
http://www.debian.org/security/2005/dsa-801
FEDORA-2005-812
http://www.securityspace.com/smysecure/catid.html?id=55155
MDKSA-2005:156
http://www.mandriva.com/security/advisories?name=MDKSA-2005:156
RHSA-2006:0393
http://www.redhat.com/support/errata/RHSA-2006-0393.html
ntp-incorrect-group-permissions(22035)
https://exchange.xforce.ibmcloud.com/vulnerabilities/22035
oval:org.mitre.oval:def:9669
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9669

Copyright Copyright (C) 2021 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.146237
Categoría:	Privilege escalation
Título:	NTPd <= 4.2.0 Privilege Escalation Vulnerability
Resumen:	NTPd is prone to a privilege escalation vulnerability.
Descripción:	Summary: NTPd is prone to a privilege escalation vulnerability. Vulnerability Insight: The xntpd ntp (ntpd) daemon, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended. Solution: See the referenced vendor advisory. CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-2496 1016679 http://securitytracker.com/id?1016679 14673 http://www.securityfocus.com/bid/14673 16602 http://secunia.com/advisories/16602 19055 http://www.osvdb.org/19055 21464 http://secunia.com/advisories/21464 ADV-2005-1561 http://www.vupen.com/english/advisories/2005/1561 DSA-801 http://www.debian.org/security/2005/dsa-801 FEDORA-2005-812 http://www.securityspace.com/smysecure/catid.html?id=55155 MDKSA-2005:156 http://www.mandriva.com/security/advisories?name=MDKSA-2005:156 RHSA-2006:0393 http://www.redhat.com/support/errata/RHSA-2006-0393.html ntp-incorrect-group-permissions(22035) https://exchange.xforce.ibmcloud.com/vulnerabilities/22035 oval:org.mitre.oval:def:9669 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9669
Copyright	Copyright (C) 2021 Greenbone AG