CVE-2004-0657

NTPd <4.0 - Buffer Overflow

Title source: llm

Description

Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time.

References (3)

[Mailing List, Third Party Advisory] http://marc.info/?l=bugtraq&m=108922292425219&w=2

[Patch, Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/584606

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/15406

Scores

EPSS 0.0454

EPSS Percentile 89.0%

Classification

CWE

CWE-190

Status draft

Affected Products (7)

ntp/ntp < 4.0

hp/tru64_unix

Timeline

Published Aug 06, 2004

Tracked Since Feb 18, 2026