|
Family: General --> Category: infos
ntpd Incorrect Group Privileges Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks for incorrect group privileges vulnerability in ntpd
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote NTP server is affected by a privilege escalation issue.
Description :
According to its version number, the NTP (Network Time Protocol)
server installed on the remote host suffers from a flaw that may cause
it to run with the permissions of a privileged user if a group name
rather than a group id is specified on the commandline. As a result,
a possible hacker that manages to compromise the application through some
other means will gain elevated rights than what is expected.
See also :
https://ntp.isc.org/bugs/show_bug.cgi?id=392
Solution :
Start ntpd with a group number or upgrade to NTP 4.2.1 or later.
Threat Level:
Low / CVSS Base Score : 2
(AV:L/AC:L/Au:NR/C:N/A:N/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|