CVE-2001-0414 (CNNVD-200106-110)
CRITICAL
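Exploit code available
Chinese title:
Ntpd remote buffer overflow vulnerability
English title:
Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers...
CVSS score:
10.0
Published:
2001-09-18 04:00:00
Vulnerability type:
Authorization issue
Status:
PUBLISHED
Data quality score:
0.30
Data version:
v6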
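Vulnerability description
Chinese description:
The Network Time Protocol daemon (NTPD) on many Unix/Linux operating systems and Cisco routers is vulnerable to a remote buffer overflow attack. Because NTP is based on the stateless UDP protocol, various malicious request packets can be forged to trigger the remote buffer overflow. In the vast majority of cases NTPD is started as root, so a successful remote buffer overflow directly yields root privileges. Although this is a conventional buffer overflow, exploiting it effectively is still quite difficult. The target buffer is corrupted for certain reasons, and by the time the attack completes, the buffer actually usable for shellcode is smaller than 70 bytes. The demonstration code below merely executes /tmp/sh, but a complete remote attack can certainly be constructed.
English description:
Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.
CWE type:
(no data)
Tags: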
remote
linux
Metasploit
OSVDB-805
babcia padlina ltd
patrick
Affected products
| Vendor | Product | Version | Version range | Platform | CPE |
|---|---|---|---|---|---|
| dave_mills | ntpd | * | - | - | cpe:2.3:a:dave_mills:ntpd:*:*:*:*:*:*:*:* |
| dave_mills | ntpd | 4.0.99 | - | - | cpe:2.3:a:dave_mills:ntpd:4.0.99:*:*:*:*:*:*:* |
| dave_mills | ntpd | 4.0.99a | - | - | cpe:2.3:a:dave_mills:ntpd:4.0.99a:*:*:*:*:*:*:* |
| dave_mills | ntpd | 4.0.99b | - | - | cpe:2.3:a:dave_mills:ntpd:4.0.99b:*:*:*:*:*:*:* |
| dave_mills | ntpd | 4.0.99c | - | - | cpe:2.3:a:dave_mills:ntpd:4.0.99c:*:*:*:*:*:*:* |
| dave_mills | ntpd | 4.0.99d | - | - | cpe:2.3:a:dave_mills:ntpd:4.0.99d:*:*:*:*:*:*:* |
| dave_mills | ntpd | 4.0.99e | - | - | cpe:2.3:a:dave_mills:ntpd:4.0.99e:*:*:*:*:*:*:* |
| dave_mills | ntpd | 4.0.99f | - | - | cpe:2.3:a:dave_mills:ntpd:4.0.99f:*:*:*:*:*:*:* |
| dave_mills | ntpd | 4.0.99g | - | - | cpe:2.3:a:dave_mills:ntpd:4.0.99g:*:*:*:*:*:*:* |
| dave_mills | ntpd | 4.0.99h | - | - | cpe:2.3:a:dave_mills:ntpd:4.0.99h:*:*:*:*:*:*:* |
| dave_mills | ntpd | 4.0.99i | - | - | cpe:2.3:a:dave_mills:ntpd:4.0.99i:*:*:*:*:*:*:* |
| dave_mills | ntpd | 4.0.99j | - | - | cpe:2.3:a:dave_mills:ntpd:4.0.99j:*:*:*:*:*:*:* |
| dave_mills | xntp3 | 5.93 | - | - | cpe:2.3:a:dave_mills:xntp3:5.93:*:*:*:*:*:*:* |
| dave_mills | xntp3 | 5.93a | - | - | cpe:2.3:a:dave_mills:xntp3:5.93a:*:*:*:*:*:*:* |
| dave_mills | xntp3 | 5.93b | - | - | cpe:2.3:a:dave_mills:xntp3:5.93b:*:*:*:*:*:*:* |
| dave_mills | xntp3 | 5.93c | - | - | cpe:2.3:a:dave_mills:xntp3:5.93c:*:*:*:*:*:*:* |
| dave_mills | xntp3 | 5.93d | - | - | cpe:2.3:a:dave_mills:xntp3:5.93d:*:*:*:*:*:*:* |
| dave_mills | xntp3 | 5.93e | - | - | cpe:2.3:a:dave_mills:xntp3:5.93e:*:*:*:*:*:*:* |
Solution
Chinese solution:
(no data)
English solution:
(no data)
Workaround:
(no data)
Reference links
| Reference | Type | Source |
|---|---|---|
| RHSA-2001:045 | vendor-advisory | cve.org |
| SuSE-SA:2001:10 | vendor-advisory | cve.org |
| 20010409 [ESA-20010409-01] xntp buffer overflow | mailing-list | cve.org |
| 20010409 ntp-4.99k23.tar.gz is available | mailing-list | cve.org |
| SSE073 | vendor-advisory | cve.org |
| MDKSA-2001:036 | vendor-advisory | cve.org |
| NetBSD-SA2001-004 | vendor-advisory | cve.org |
| SSE074 | vendor-advisory | cve.org |
| 20010404 ntpd =< 4.0.99k remote buffer overflow | mailing-list | cve.org |
| CLA-2001:392 | vendor-advisory | cve.org |
| 805 | vdb-entry | cve.org |
| 20010409 ntpd - new Debian 2.2 (potato) version is also vulnerable | mailing-list | cve.org |
| 2540 | vdb-entry | cve.org |
| oval:org.mitre.oval:def:3831 | vdb-entry | cve.org |
| 20010406 Immunix OS Security update for ntp and xntp3 | mailing-list | cve.org |
| 20010405 Re: ntpd =< 4.0.99k remote buffer overflow] | mailing-list | cve.org |
| 20010413 PROGENY-SA-2001-02A: [UPDATE] ntpd remote buffer overflow | mailing-list | cve.org |
| 20010408 [slackware-security] buffer overflow fix for NTP | mailing-list | cve.org |
| 20010418 IBM MSS Outside Advisory Redistribution: IBM AIX: Buffer Overflow Vulnerability in (x)ntp | mailing-list | cve.org |
| FreeBSD-SA-01:31 | vendor-advisory | cve.org |
| 20010409 PROGENY-SA-2001-02: ntpd remote buffer overflow | mailing-list | cve.org |
| DSA-045 | vendor-advisory | cve.org |
| ntpd-remote-bo(6321) | vdb-entry | cve.org |
| CSSA-2001-013 | vendor-advisory | cve.org |
| ExploitDB EDB-16285 | EXPLOIT | exploitdb |
| Download Exploit EDB-16285 | EXPLOIT | exploitdb |
| CVE Reference: CVE-2001-0414 | ADVISORY | cve.org |
| ExploitDB EDB-20727 | EXPLOIT | exploitdb |
| Download Exploit EDB-20727 | EXPLOIT | exploitdb |
| ExploitDB EDB-9940 | EXPLOIT | exploitdb |
| Download Exploit EDB-9940 | EXPLOIT | exploitdb |
CVSS score details
10.0
CRITICAL
CVSS vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS version:
2.0
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE
Time information
Published:
2001-09-18 04:00:00
Modified:
2024-08-08 04:21:37
Created:
2025-11-11 15:32:13
Updated:
2025-11-11 17:07:04
Exploit information
Exploit code exists for this vulnerability!
Number of exploits:
3
Exploit sources:
Unknown
Unknown
Unknown
Data source details
| Data source | Record ID | Version | Extraction time |
|---|---|---|---|
| CVE | cve_CVE-2001-0414 | 2025-11-11 15:17:21 | 2025-11-11 07:32:13 |
| NVD | nvd_CVE-2001-0414 | 2025-11-11 14:50:26 | 2025-11-11 07:40:59 |
| CNNVD | cnnvd_CNNVD-200106-110 | 2025-11-11 15:08:39 | 2025-11-11 07:48:45 |
| EXPLOITDB | exploitdb_EDB-16285 | 2025-11-11 15:05:26 | 2025-11-11 08:10:58 |
| EXPLOITDB | exploitdb_EDB-20727 | 2025-11-11 15:05:26 | 2025-11-11 08:15:50 |
| EXPLOITDB | exploitdb_EDB-9940 | 2025-11-11 15:05:26 | 2025-11-11 09:07:04 |
Version and language
Current version:
v6
Primary language:
EN
Supported languages:
EN
ZH
Security advisories
No security advisory information available
Change history
v6
EXPLOITDB
2025-11-11 17:07:04
- references_count: 29 -> 31
- tags_count: 5 -> 6
v5
EXPLOITDB
2025-11-11 16:15:50
- references_count: 27 -> 29
- tags_count: 4 -> 5
v4
EXPLOITDB
2025-11-11 16:10:58
- references_count: 24 -> 27
- tags_count: 0 -> 4
- data_sources: ['cnnvd', 'cve', 'nvd'] -> ['cnnvd', 'cve', 'exploitdb', 'nvd']
v3
CNNVD
2025-11-11 15:48:45
- vulnerability_type: not extracted -> Authorization issue
- cnnvd_id: not extracted -> CNNVD-200106-110
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2
NVD
2025-11-11 15:40:59
- severity: SeverityLevel.MEDIUM -> SeverityLevel.CRITICAL
- cvss_score: not extracted -> 10.0
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:L/Au:N/C:C/I:C/A:C
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 18
- data_sources: ['cve'] -> ['cve', 'nvd']