Published: 24/07/2017 Updated: 18/06/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x prior to 4.2.8p4, and 4.3.x prior to 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ntp ntp
ntp ntp 4.2.8
oracle linux 6
debian debian linux 7.0
debian debian linux 8.0
debian debian linux 9.0
netapp oncommand performance manager -
netapp oncommand unified manager -
netapp clustered data ontap -
netapp data ontap -
redhat enterprise linux desktop 6.0
redhat enterprise linux desktop 7.0
redhat enterprise linux server 6.0
redhat enterprise linux server 7.0
redhat enterprise linux server aus 7.3
redhat enterprise linux server aus 7.4
redhat enterprise linux server aus 7.6
redhat enterprise linux server aus 7.7
redhat enterprise linux server eus 7.3
redhat enterprise linux server eus 7.4
redhat enterprise linux server eus 7.5
redhat enterprise linux server eus 7.6
redhat enterprise linux server eus 7.7
redhat enterprise linux server tus 7.3
redhat enterprise linux server tus 7.6
redhat enterprise linux server tus 7.7
redhat enterprise linux workstation 6.0
redhat enterprise linux workstation 7.0

Synopsis Moderate: ntp security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for ntp is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score ...

Several security issues were fixed in NTP ...

Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs: CVE-2015-5146 A flaw was found in the way ntpd processed certain remote configuration packets An attacker could use a specially crafted package to cause ntpd to crash if: ntpd enabled remote configuration The attacker had the ...

As <a href="supportntporg/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi">discussed upstream</a>, a flaw was found in the way ntpd processed certain remote configuration packets Note that remote configuration is disabled by default in NTP (CVE-2015-5146) It was found that the :config command can be used to se ...

It was found that NTP's :config command could be used to set the pidfile and driftfile paths without any restrictions A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals) ...

Multiple Cisco products incorporate a version of the ntpd package Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server On October 21st, 2 ...

CWE-20 https://bugzilla.redhat.com/show_bug.cgi?id=1254547 http://www.securityfocus.com/bid/77278 http://support.ntp.org/bin/view/Main/NtpBug2902 https://security.gentoo.org/glsa/201607-15 http://www.securitytracker.com/id/1033951 http://www.debian.org/security/2015/dsa-3388 https://security.netapp.com/advisory/ntap-20171004-0001/http://rhn.redhat.com/errata/RHSA-2016-2583.html http://rhn.redhat.com/errata/RHSA-2016-0780.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html https://access.redhat.com/errata/RHSA-2016:2583 https://nvd.nist.gov https://usn.ubuntu.com/2783-1/

CVE-2015-7703

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect