CVE-2015-7703

The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
ntpntp
4.2.0 ≤
𝑥
< 4.2.8
ntpntp
4.3.0 ≤
𝑥
< 4.3.77
ntpntp
4.2.8
ntpntp
4.2.8:p1
ntpntp
4.2.8:p1-beta1
ntpntp
4.2.8:p1-beta2
ntpntp
4.2.8:p1-beta3
ntpntp
4.2.8:p1-beta4
ntpntp
4.2.8:p1-beta5
ntpntp
4.2.8:p1-rc1
ntpntp
4.2.8:p1-rc2
ntpntp
4.2.8:p2
ntpntp
4.2.8:p2-rc1
ntpntp
4.2.8:p2-rc2
ntpntp
4.2.8:p2-rc3
ntpntp
4.2.8:p3
ntpntp
4.2.8:p3-rc1
ntpntp
4.2.8:p3-rc2
ntpntp
4.2.8:p3-rc3
debiandebian_linux
7.0
debiandebian_linux
8.0
debiandebian_linux
9.0
netapponcommand_performance_manager
-
netapponcommand_unified_manager
-
netappclustered_data_ontap
-
netappdata_ontap
-
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
7.3
redhatenterprise_linux_server_aus
7.4
redhatenterprise_linux_server_aus
7.6
redhatenterprise_linux_server_aus
7.7
redhatenterprise_linux_server_eus
7.3
redhatenterprise_linux_server_eus
7.4
redhatenterprise_linux_server_eus
7.5
redhatenterprise_linux_server_eus
7.6
redhatenterprise_linux_server_eus
7.7
redhatenterprise_linux_server_tus
7.3
redhatenterprise_linux_server_tus
7.6
redhatenterprise_linux_server_tus
7.7
redhatenterprise_linux_workstation
6.0
redhatenterprise_linux_workstation
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ntp
bullseye
1:4.2.8p15+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ntp
precise
Fixed 1:4.2.6.p3+dfsg-1ubuntu3.6
released
trusty
Fixed 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5
released
vivid
Fixed 1:4.2.6.p5+dfsg-3ubuntu6.2
released
wily
Fixed 1:4.2.6.p5+dfsg-3ubuntu8.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
yast2-ntp-client
suse enterprise sap 12
3.1.12.4-8.2
fixed
suse enterprise server 12
3.1.12.4-8.2
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
ntp
RHEL 6
0:4.2.6p5-10.el6
fixed
RHEL 7
0:4.2.6p5-25.el7
fixed
ntp-doc
RHEL 6
0:4.2.6p5-10.el6
fixed
RHEL 7
0:4.2.6p5-25.el7
fixed
ntp-perl
RHEL 6
0:4.2.6p5-10.el6
fixed
RHEL 7
0:4.2.6p5-25.el7
fixed
ntpdate
RHEL 6
0:4.2.6p5-10.el6
fixed
RHEL 7
0:4.2.6p5-25.el7
fixed
sntp
RHEL 7
0:4.2.6p5-25.el7
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
ntp
Amazon Linux 1
0:4.2.6p5-33.26.amzn1
fixed
ntp-debuginfo
Amazon Linux 1
0:4.2.6p5-33.26.amzn1
fixed
ntp-doc
Amazon Linux 1
0:4.2.6p5-33.26.amzn1
fixed
ntp-perl
Amazon Linux 1
0:4.2.6p5-33.26.amzn1
fixed
ntpdate
Amazon Linux 1
0:4.2.6p5-33.26.amzn1
fixed