Back to search
CVE-2015-7703
Published: Jul 24, 2017
Modified: Aug 6, 2024
PUBLISHED
Description
The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2016:2583
vendor-advisory
x_refsource_REDHAT
1033951
vdb-entry
x_refsource_SECTRACK
77278
vdb-entry
x_refsource_BID
RHSA-2016:0780
vendor-advisory
x_refsource_REDHAT
http://support.ntp.org/bin/view/Main/NtpBug2902
x_refsource_CONFIRM
DSA-3388
vendor-advisory
x_refsource_DEBIAN
https://bugzilla.redhat.com/show_bug.cgi?id=1254547
x_refsource_CONFIRM
GLSA-201607-15
vendor-advisory
x_refsource_GENTOO
https://security.netapp.com/advisory/ntap-20171004-0001/
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now