OS: Linux x86 ntpdx Buffer Overflow
This signature detects attempts to exploit a known vulnerability in the Network Time Protocol Daemon (NTPd) running on LINUX. If the response to a query causes more than 70bytes of shell code to be executed, the destination buffer is damaged. Attackers can remotely send a large readvar argument as a query to cause a buffer overflow and gain root access.
Extended Description
NTP, the Network Time Protocol, is used to synchronize the time between a computer and another system or time reference. It uses UDP as a transport protocol. There are two protocol versions in use: NTP v3 and NTP v4. The 'ntpd' daemon implementing version 3 is called 'xntp3'; the version implementing version 4 is called 'ntp'. On UNIX systems, the 'ntpd' daemon is available to regularly synchronize system time with internet time servers. Many versions of 'ntpd' are prone to a remotely exploitable buffer-overflow issue. A remote attacker may be able to crash the daemon or execute arbitrary code on the host. If successful, the attacker may gain root access on the victim host or may denial NTP service on the affected host.
Affected Products
Cisco sc2200,Apple mac_os_x
Short Name
OS:LINUXX86:NTPDX-OF
Severity
Info
Recommended
False
Recommended Action
None
Category
OS
Keywords
Buffer CVE-2001-0414 Linux Overflow bid:2540 ntpdx x86
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
TCP/123
False Positive
Rarely
Vendors
Sun
Hp
Cisco
Apple
Dave_mills
CVSS Score
10.0