CVE-2001-0414

Dave Mills Ntpd < 4.0.99k - Buffer Overflow

Title source: rule

Description

Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotelinux

https://www.exploit-db.com/exploits/16285

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by patrick · rubyremotelinux

https://www.exploit-db.com/exploits/9940

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by babcia padlina ltd · cremotelinux

https://www.exploit-db.com/exploits/20727

View Code ZIP pw:eip

metasploit WORKING POC GOOD

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/ntp/ntp_overflow.rb

View Code ZIP pw:eip

References (24)

[Various Sources] ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:31.ntpd.asc

[Various Sources] ftp://ftp.sco.com/SSE/sse073.ltr

[Various Sources] ftp://ftp.sco.com/SSE/sse074.ltr

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2001-04/0127.html

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2001-04/0225.html

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2001-04/0314.html

[Vendor Advisory] http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000392

[Various Sources] http://lists.suse.com/archives/suse-security-announce/2001-Apr/0000.html

[Mailing List] http://marc.info/?l=bugtraq&m=98642418618512&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=98654963328381&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=98659782815613&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=98679815917014&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=98683952401753&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=98684202610470&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=98684532921941&w=2

[Patch, Vendor Advisory] http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-036.php3

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2001-045.html

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/2540

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/6321

[Vendor Advisory] ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2001-004.txt.asc

... and 4 more

Scores

EPSS 0.8116

EPSS Percentile 99.2%

Details

Status published

Products (18)

dave_mills/ntpd 4.0.99

dave_mills/ntpd 4.0.99a

dave_mills/ntpd 4.0.99b

dave_mills/ntpd 4.0.99c

dave_mills/ntpd 4.0.99d

dave_mills/ntpd 4.0.99e

dave_mills/ntpd 4.0.99f

dave_mills/ntpd 4.0.99g

dave_mills/ntpd 4.0.99h

dave_mills/ntpd 4.0.99i

... and 8 more

Published Jun 18, 2001

Tracked Since Feb 18, 2026