NTP: NTP Daemon Readvar Buffer Overflow
This signature detects attempts to exploit a known vulnerability against NTP Daemon. A successful attack can enable attackers to crash the daemon or execute arbitrary code on the host. This signature is based on Proof-of-Concept data from Metasploit Framework.
Extended Description
NTP, the Network Time Protocol, is used to synchronize the time between a computer and another system or time reference. It uses UDP as a transport protocol. There are two protocol versions in use: NTP v3 and NTP v4. The 'ntpd' daemon implementing version 3 is called 'xntp3'; the version implementing version 4 is called 'ntp'. On UNIX systems, the 'ntpd' daemon is available to regularly synchronize system time with internet time servers. Many versions of 'ntpd' are prone to a remotely exploitable buffer-overflow issue. A remote attacker may be able to crash the daemon or execute arbitrary code on the host. If successful, the attacker may gain root access on the victim host or may denial NTP service on the affected host.
Affected Products
Cisco sc2200,Apple mac_os_x
Short Name
NTP:NTP-READVAR
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
NTP
Keywords
Buffer CVE-2001-0414 Daemon NTP Overflow Readvar bid:2540
Release Date
04/06/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Sun
Hp
Cisco
Apple
Dave_mills
CVSS Score
10.0