The "pidfile" and "driftfile" directives in NTP ntpd 4.2.x prior to 4.2.8p4, and 4.3.x prior to 4.3.77, when ntpd is configured to allow remote configuration, allow a remote attacker whose IP address is permitted to send configuration requests, and who knows the remote configuration password, to write to arbitrary files via the :config command.
Vulnerable Product |
---|
ntp ntp |
ntp ntp 4.2.8 |
oracle linux 6 |
debian debian linux 7.0 |
debian debian linux 8.0 |
debian debian linux 9.0 |
netapp oncommand performance manager - |
netapp oncommand unified manager - |
netapp clustered data ontap - |
netapp data ontap - |
redhat enterprise linux desktop 6.0 |
redhat enterprise linux desktop 7.0 |
redhat enterprise linux server 6.0 |
redhat enterprise linux server 7.0 |
redhat enterprise linux server aus 7.3 |
redhat enterprise linux server aus 7.4 |
redhat enterprise linux server aus 7.6 |
redhat enterprise linux server aus 7.7 |
redhat enterprise linux server eus 7.3 |
redhat enterprise linux server eus 7.4 |
redhat enterprise linux server eus 7.5 |
redhat enterprise linux server eus 7.6 |
redhat enterprise linux server eus 7.7 |
redhat enterprise linux server tus 7.3 |
redhat enterprise linux server tus 7.6 |
redhat enterprise linux server tus 7.7 |
redhat enterprise linux workstation 6.0 |
redhat enterprise linux workstation 7.0 |