CVE-2005-2496 | Vulnerability Database | Aqua Security

The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended.

Affected Software

Name	Vendor	Start Version	End Version
Ntpd	Dave_mills	*	4.2.0.a.2004-06-17_4.fc3 (including)
Red Hat Enterprise Linux 4	RedHat	ntp-0:4.2.0.a.20040617-4.EL4.1	*

References

http://secunia.com/advisories/16602
http://secunia.com/advisories/21464
http://securitytracker.com/id?1016679
http://www.debian.org/security/2005/dsa-801
http://www.mandriva.com/security/advisories?name=MDKSA-2005:156
http://www.osvdb.org/19055
http://www.redhat.com/support/errata/RHSA-2006-0393.html
http://www.securityfocus.com/bid/14673
http://www.securityspace.com/smysecure/catid.html?id=55155
http://www.vupen.com/english/advisories/2005/1561
https://exchange.xforce.ibmcloud.com/vulnerabilities/22035
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9669
http://secunia.com/advisories/16602
http://secunia.com/advisories/21464
http://securitytracker.com/id?1016679
http://www.debian.org/security/2005/dsa-801
http://www.mandriva.com/security/advisories?name=MDKSA-2005:156
http://www.osvdb.org/19055
http://www.redhat.com/support/errata/RHSA-2006-0393.html
http://www.securityfocus.com/bid/14673
http://www.securityspace.com/smysecure/catid.html?id=55155
http://www.vupen.com/english/advisories/2005/1561
https://exchange.xforce.ibmcloud.com/vulnerabilities/22035
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9669

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-2496
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html