Cisco NTP ntpd readvar Variable Remote Overflow (CSCdt93866)

critical Nessus Plugin ID 10982

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

By sending a crafted NTP control packet, it is possible to trigger a buffer overflow in the NTP daemon. This vulnerability can be exploited remotely. Successful exploitation may cause arbitrary code to be executed on the target machine.

This vulnerability is documented as Cisco Bug ID CSCdt93866.

An attacker may use this flaw to execute arbitrary code on the remote host, although this is not believed to be feasible.

Solution

Apply the relevant update referenced in Cisco Security Advisory cisco-sa-20020508-ntp-vulnerability.

See Also

http://www.nessus.org/u?033c44be

Plugin Details

Severity: Critical

ID: 10982

File Name: CSCdt93866.nasl

Version: 1.24

Type: local

Family: CISCO

Published: 6/5/2002

Updated: 3/27/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: SNMP/community, SNMP/sysDesc, CISCO/model

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 4/4/2001

Exploitable With

Metasploit (NTP Daemon readvar Buffer Overflow)

Reference Information

CVE: CVE-2001-0414

BID: 2540