The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended.
2005-09-02T17:03:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 4.6 (MEDIUM)
AV:L/AC:L/Au:N/C:P/I:P/A:P
3.9
6.4
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | dave_mills | ntpd | ≤ 4.2.0.a.2004-06-17_4.fc3 | Yes |