CVE-2005-2496
published 2005-09-02


Priority: P411 | medium | 4.6 | CVSS 2.0
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.45% (35.5th percentile)
The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dave_mills | ntpd | <= 4.2.0.a.2004-06-17_4.fc3 | |
| debian | ntp | < ntp 1:4.2.0a+stable-2sarge1 (bullseye) | ntp 1:4.2.0a+stable-2sarge1 (bullseye) |
| ntp | ntp | >= 0 < 1:4.2.0a+stable-2sarge1 | 1:4.2.0a+stable-2sarge1 |

CVSS provenance

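| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 4.6 | MEDIUM | |
| vendor_debian | | 4.6 | MEDIUM | |
| vendor_redhat | | 4.6 | MEDIUM | |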