Vulnerability Note VU#970472

Network Time Protocol ([x]ntpd) daemon contains buffer overflow in ntp_control:ctl_getitem() function

Original Release date: 05 Apr 2001 | Last revised: 22 May 2008

Overview

There is a buffer overflow defect in the ctl_getitem() function of the Network Time Protocol (NTP) daemon, which is responsible for providing accurate time reports used for synchronizing the clocks on installed systems. All NTP daemons based on code maintained at the University of Delaware since NTPv2 are assumed to be at risk.

Description

The buffer overflow condition appears in the ctl_getitem() function in ntp_control.c, the NTP control code. Because NTP uses UDP, attacks attempting to exploit this vulnerability will likely use spoofed source addresses.

Impact

It has been reported that a remote intruder can execute arbitrary code with the default privileges of the running daemon, typically root. While this report is still being evaluated, crashing of the NTP daemon has been confirmed.

Solution

Apply patches supplied by your vendor.

Until patches can be applied, the CERT/CC strongly urges affected sites to block NTP requests (123/{tcp,udp}) at their network perimeter or disable ntpd altogether. It is unclear at this time whether using secured NTP services provides a full defense against all attacks attempting to exploit this vulnerability.
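
An added example, not part of the CERT/CC note or the ntpd source: a sensor-side check that flags NTP control-mode datagrams on UDP port 123 that still arrive from outside the perimeter after the block described above, along with ones whose declared data count is inconsistent. It assumes the control message layout of RFC 1305 Appendix B (mode 6, 12-byte header, at most 468 data octets), which is the message type ntp_control.c processes; the function names and sample payloads are constructed for illustration, and the check does not identify the overflow itself.

```python
import struct

NTP_MODE_CONTROL = 6   # mode field value for control messages (RFC 1305 App. B)
CTL_HEADER_LEN = 12    # fixed control header: flags, opcode, 5 x 16-bit fields
CTL_MAX_DATA = 468     # RFC 1305 limit on data octets in one control message

def inspect_ntp(payload: bytes, external: bool) -> list:
    """Return reasons a UDP/123 payload deserves review (empty list = none)."""
    if not payload:
        return ["empty datagram"]
    if payload[0] & 0x07 != NTP_MODE_CONTROL:
        return []  # ordinary time-sync modes are not inspected here
    if len(payload) < CTL_HEADER_LEN:
        return ["truncated control header"]
    _, rem_op, _seq, _status, _assoc, _offset, count = struct.unpack(
        "!BBHHHHH", payload[:CTL_HEADER_LEN])
    reasons = []
    if external and not rem_op & 0x80:  # top bit set means response
        reasons.append("control request from outside the perimeter")
    if count > CTL_MAX_DATA:
        reasons.append("declared count exceeds 468 octets")
    if count > len(payload) - CTL_HEADER_LEN:
        reasons.append("declared count exceeds data present")
    return reasons

def make_control(count: int, data: bytes, response: bool = False) -> bytes:
    """Build a constructed control datagram (version 2, opcode 2) for testing."""
    rem_op = (0x80 if response else 0) | 2
    return struct.pack("!BBHHHHH", (2 << 3) | 6, rem_op, 1, 0, 0, 0, count) + data

if __name__ == "__main__":
    samples = {  # constructed payloads, not captured traffic
        "client time request": b"\x1b" + bytes(47),
        "well-formed control request": make_control(16, b"A" * 16),
        "count larger than payload": make_control(40, b"A" * 8),
    }
    for name, pkt in samples.items():
        print(f"{name}: {inspect_ntp(pkt, external=True)}")
```

Any non-empty result for traffic seen inside the perimeter indicates that the 123/udp block is not in effect on that path.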

Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Berkeley Software Design, Inc. | Affected | - | 10 Apr 2001 |
| Compaq Computer Corporation | Affected | 05 Apr 2001 | 03 May 2001 |
| Debian Linux | Affected | - | 10 Apr 2001 |
| FreeBSD, Inc. | Affected | 05 Apr 2001 | 13 Apr 2001 |
| Hewlett-Packard Company | Affected | - | 09 Apr 2001 |
| IBM Corporation | Affected | 05 Apr 2001 | 21 May 2008 |
| Mandriva, Inc. | Affected | - | 06 Apr 2001 |
| NetBSD | Affected | 05 Apr 2001 | 05 Apr 2001 |
| OpenBSD | Affected | 05 Apr 2001 | 06 Apr 2001 |
| Red Hat, Inc. | Affected | 05 Apr 2001 | 09 Apr 2001 |
| Slackware | Affected | - | 09 Apr 2001 |
| Sun Microsystems, Inc. | Affected | 05 Apr 2001 | 31 Oct 2001 |
| SUSE Linux | Affected | - | 16 Apr 2001 |
| The SCO Group (SCO Linux) | Affected | 05 Apr 2001 | 09 Apr 2001 |
| The SCO Group (SCO Unix) | Affected | - | 16 Apr 2001 |

CVSS Metrics

| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |

Credit

The CERT/CC thanks Przemyslaw Frasunek for reporting this issue.

This document was written by Jeffrey S. Havrilla.

Other Information

  • CVE IDs: CVE-2001-0414
  • Date Public: 04 Apr 2001
  • Date First Published: 05 Apr 2001
  • Date Last Updated: 22 May 2008
  • Severity Metric: 79.65
  • Document Revision: 35
