Bug 1173323 – VUL-0: CVE-2004-0657: ntp,xntp: wrong date/time offset return could lead to integer overflow

Bug 1173323 - (CVE-2004-0657) VUL-0: CVE-2004-0657: ntp,xntp: wrong date/time offset return could lead to integer overflow

(CVE-2004-0657)
Summary:	VUL-0: CVE-2004-0657: ntp,xntp: wrong date/time offset return could lead to i...

Status:	RESOLVED INVALID

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P5 - None Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/14920/
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2020-06-24 15:20 UTC by Wolfgang Frisch
Modified:	2020-06-24 15:20 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Wolfgang Frisch 2020-06-24 15:20:31 UTC

CVE-2004-0657

Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1850552
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0657
https://exchange.xforce.ibmcloud.com/vulnerabilities/15406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0657
http://www.kb.cert.org/vuls/id/584606
http://xforce.iss.net/xforce/xfdb/15406
http://marc.info/?l=bugtraq&m=108922292425219&w=2

Comment 1 Wolfgang Frisch 2020-06-24 15:20:49 UTC

We don't ship a version this old.