CVE-2015-7976

EUVD-2015-7873
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
ntpntp
4.1.2
ntpntp
𝑥
≤ 4.2.8
ntpntp
4.3.0
ntpntp
4.3.1
ntpntp
4.3.2
ntpntp
4.3.3
ntpntp
4.3.4
ntpntp
4.3.5
ntpntp
4.3.6
ntpntp
4.3.7
ntpntp
4.3.8
ntpntp
4.3.9
ntpntp
4.3.10
ntpntp
4.3.11
ntpntp
4.3.12
ntpntp
4.3.13
ntpntp
4.3.14
ntpntp
4.3.15
ntpntp
4.3.16
ntpntp
4.3.17
ntpntp
4.3.18
ntpntp
4.3.19
ntpntp
4.3.20
ntpntp
4.3.21
ntpntp
4.3.22
ntpntp
4.3.23
ntpntp
4.3.24
ntpntp
4.3.25
ntpntp
4.3.26
ntpntp
4.3.27
ntpntp
4.3.28
ntpntp
4.3.29
ntpntp
4.3.30
ntpntp
4.3.31
ntpntp
4.3.32
ntpntp
4.3.33
ntpntp
4.3.34
ntpntp
4.3.35
ntpntp
4.3.36
ntpntp
4.3.37
ntpntp
4.3.38
ntpntp
4.3.39
ntpntp
4.3.40
ntpntp
4.3.41
ntpntp
4.3.42
ntpntp
4.3.43
ntpntp
4.3.44
ntpntp
4.3.45
ntpntp
4.3.46
ntpntp
4.3.47
ntpntp
4.3.48
ntpntp
4.3.49
ntpntp
4.3.50
ntpntp
4.3.51
ntpntp
4.3.52
ntpntp
4.3.53
ntpntp
4.3.54
ntpntp
4.3.55
ntpntp
4.3.56
ntpntp
4.3.57
ntpntp
4.3.58
ntpntp
4.3.59
ntpntp
4.3.60
ntpntp
4.3.61
ntpntp
4.3.62
ntpntp
4.3.63
ntpntp
4.3.64
ntpntp
4.3.65
ntpntp
4.3.66
ntpntp
4.3.67
ntpntp
4.3.68
ntpntp
4.3.69
ntpntp
4.3.70
ntpntp
4.3.71
ntpntp
4.3.72
ntpntp
4.3.73
ntpntp
4.3.74
ntpntp
4.3.75
ntpntp
4.3.76
ntpntp
4.3.77
ntpntp
4.3.78
ntpntp
4.3.79
ntpntp
4.3.80
ntpntp
4.3.81
ntpntp
4.3.82
ntpntp
4.3.83
ntpntp
4.3.84
ntpntp
4.3.85
ntpntp
4.3.86
ntpntp
4.3.87
ntpntp
4.3.88
ntpntp
4.3.89
susemanager
2.1
susemanager_proxy
2.1
opensuseleap
42.1
opensuseopensuse
13.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ntp
bullseye
1:4.2.8p15+dfsg-1
fixed
jessie
no-dsa
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ntp
precise
Fixed 1:4.2.6.p3+dfsg-1ubuntu3.11
released
trusty
Fixed 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10
released
vivid
ignored
wily
ignored
xenial
Fixed 1:4.2.8p4+dfsg-3ubuntu5.3
released
yakkety
not-affected
zesty
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
http://support.ntp.org/bin/view/Main/NtpBug2938
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd
http://www.securitytracker.com/id/1034782
http://www.ubuntu.com/usn/USN-3096-1
https://bto.bluecoat.com/security-advisory/sa113
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
https://security.gentoo.org/glsa/201607-15
https://security.netapp.com/advisory/ntap-20171031-0001/
https://www.kb.cert.org/vuls/id/718152
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
http://support.ntp.org/bin/view/Main/NtpBug2938
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd
http://www.securitytracker.com/id/1034782
http://www.ubuntu.com/usn/USN-3096-1
https://bto.bluecoat.com/security-advisory/sa113
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
https://security.gentoo.org/glsa/201607-15
https://security.netapp.com/advisory/ntap-20171031-0001/
https://www.kb.cert.org/vuls/id/718152