{"vuid":"VU#970472","idnumber":"970472","name":"Network Time Protocol ([x]ntpd) daemon contains buffer overflow in ntp_control:ctl_getitem() function","keywords":["ntp","ntpd","xntp","xntpd","ntp_control.c","ctl_getitem()"],"overview":"There is a buffer overflow defect in the ctl_getitem() function of the Network Time Protocol (NTP) daemon responsible for providing accurate time reports used for synchronizing the clocks on installed systems. All NTP daemons based on code maintained at the University of Delaware since NTPv2 are assumed at risk.","clean_desc":"The buffer overflow condition appears in the ctl_getitem() function in ntp_control.c, the NTP control code. Because the ntp protocol uses UDP, attacks attempting to exploit this vulnerability will likely be spoofed.","impact":"It has been reported that a remote intruder can execute arbitrary code with the default privileges on the running daemon, typically root. While this report is still being evaluated, crashing of the NTP daemon has been confirmed.","resolution":"Apply patches supplied by your vendor","workarounds":"Until patches can be applied, the CERT/CC strongly urges affected sites to block ntp requests (123/{tcp,udp}) at their network perimeter or disable ntpd altogether. It is unclear at this time if using secured NTP services provides a full defense against all attacks attempting to exploit this vulnerability.","sysaffected":"","thanks":"The CERT/CC thanks Przemyslaw Frasunek for reporting this issue.","author":"This document was written by Jeffrey S. Havrilla","public":["ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2001-004.txt.asc","http://www.freebsd.org/cgi/cvsweb.cgi/src/contrib/ntp/ntpd/ntp_control.c?r1+=1.1&r2=1.2","http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/net/ntp/files/patch-ntp_control.c (patch for ntp-4.0.99k)","http://www.faqs.org/rfcs/rfc1305.html","http://www.ntp.org/","http://www.securityfocus.com/bid/2540","http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?type=0&doc=secbull%2F211&display=plain"],"cveids":["CVE-2001-0414"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-04-04T22:44:39Z","publicdate":"2001-04-04T00:00:00Z","datefirstpublished":"2001-04-05T18:19:31Z","dateupdated":"2008-05-22T16:42:45Z","revision":35,"vrda_d1_directreport":"1","vrda_d1_population":"4","vrda_d1_impact":"4","cam_widelyknown":"20","cam_exploitation":"20","cam_internetinfrastructure":"19","cam_population":"18","cam_impact":"20","cam_easeofexploitation":"10","cam_attackeraccessrequired":"20","cam_scorecurrent":"79.65","cam_scorecurrentwidelyknown":"79.65","cam_scorecurrentwidelyknownexploited":"79.65","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":79.65,"vulnote":null}