Lucene search

K
cveMitreCVE-2015-7976
HistoryJan 30, 2017 - 9:59 p.m.

CVE-2015-7976

2017-01-3021:59:00
CWE-254
mitre
web.nvd.nist.gov
118
ntp
cve-2015-7976
saveconfig command
security vulnerability
special characters
crafted filename

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

5.6

Confidence

High

EPSS

0.004

Percentile

73.5%

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.

Affected configurations

Nvd
Node
ntpntpMatch4.1.2
Node
ntpntpRange4.2.8p5
Node
ntpntpMatch4.3.0
OR
ntpntpMatch4.3.1
OR
ntpntpMatch4.3.2
OR
ntpntpMatch4.3.3
OR
ntpntpMatch4.3.4
OR
ntpntpMatch4.3.5
OR
ntpntpMatch4.3.6
OR
ntpntpMatch4.3.7
OR
ntpntpMatch4.3.8
OR
ntpntpMatch4.3.9
OR
ntpntpMatch4.3.10
OR
ntpntpMatch4.3.11
OR
ntpntpMatch4.3.12
OR
ntpntpMatch4.3.13
OR
ntpntpMatch4.3.14
OR
ntpntpMatch4.3.15
OR
ntpntpMatch4.3.16
OR
ntpntpMatch4.3.17
OR
ntpntpMatch4.3.18
OR
ntpntpMatch4.3.19
OR
ntpntpMatch4.3.20
OR
ntpntpMatch4.3.21
OR
ntpntpMatch4.3.22
OR
ntpntpMatch4.3.23
OR
ntpntpMatch4.3.24
OR
ntpntpMatch4.3.25
OR
ntpntpMatch4.3.26
OR
ntpntpMatch4.3.27
OR
ntpntpMatch4.3.28
OR
ntpntpMatch4.3.29
OR
ntpntpMatch4.3.30
OR
ntpntpMatch4.3.31
OR
ntpntpMatch4.3.32
OR
ntpntpMatch4.3.33
OR
ntpntpMatch4.3.34
OR
ntpntpMatch4.3.35
OR
ntpntpMatch4.3.36
OR
ntpntpMatch4.3.37
OR
ntpntpMatch4.3.38
OR
ntpntpMatch4.3.39
OR
ntpntpMatch4.3.40
OR
ntpntpMatch4.3.41
OR
ntpntpMatch4.3.42
OR
ntpntpMatch4.3.43
OR
ntpntpMatch4.3.44
OR
ntpntpMatch4.3.45
OR
ntpntpMatch4.3.46
OR
ntpntpMatch4.3.47
OR
ntpntpMatch4.3.48
OR
ntpntpMatch4.3.49
OR
ntpntpMatch4.3.50
OR
ntpntpMatch4.3.51
OR
ntpntpMatch4.3.52
OR
ntpntpMatch4.3.53
OR
ntpntpMatch4.3.54
OR
ntpntpMatch4.3.55
OR
ntpntpMatch4.3.56
OR
ntpntpMatch4.3.57
OR
ntpntpMatch4.3.58
OR
ntpntpMatch4.3.59
OR
ntpntpMatch4.3.60
OR
ntpntpMatch4.3.61
OR
ntpntpMatch4.3.62
OR
ntpntpMatch4.3.63
OR
ntpntpMatch4.3.64
OR
ntpntpMatch4.3.65
OR
ntpntpMatch4.3.66
OR
ntpntpMatch4.3.67
OR
ntpntpMatch4.3.68
OR
ntpntpMatch4.3.69
OR
ntpntpMatch4.3.70
OR
ntpntpMatch4.3.71
OR
ntpntpMatch4.3.72
OR
ntpntpMatch4.3.73
OR
ntpntpMatch4.3.74
OR
ntpntpMatch4.3.75
OR
ntpntpMatch4.3.76
OR
ntpntpMatch4.3.77
OR
ntpntpMatch4.3.78
OR
ntpntpMatch4.3.79
OR
ntpntpMatch4.3.80
OR
ntpntpMatch4.3.81
OR
ntpntpMatch4.3.82
OR
ntpntpMatch4.3.83
OR
ntpntpMatch4.3.84
OR
ntpntpMatch4.3.85
OR
ntpntpMatch4.3.86
OR
ntpntpMatch4.3.87
OR
ntpntpMatch4.3.88
OR
ntpntpMatch4.3.89
Node
suselinux_enterprise_debuginfoMatch11sp2
OR
suselinux_enterprise_debuginfoMatch11sp3
OR
suselinux_enterprise_debuginfoMatch11sp4
OR
susemanagerMatch2.1
OR
susemanager_proxyMatch2.1
OR
novellsuse_openstack_cloudMatch5
OR
opensuseleapMatch42.1
OR
opensuseopensuseMatch13.2
OR
suselinux_enterprise_desktopMatch12
OR
suselinux_enterprise_desktopMatch12sp1
OR
suselinux_enterprise_serverMatch10sp4ltss
OR
suselinux_enterprise_serverMatch11sp2ltss
OR
suselinux_enterprise_serverMatch11sp3ltss
OR
suselinux_enterprise_serverMatch11sp4
OR
suselinux_enterprise_serverMatch12sp1
OR
susesuse_linux_enterprise_serverMatch12
VendorProductVersionCPE
ntpntp4.1.2cpe:/a:ntp:ntp:4.1.2:::

References

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

5.6

Confidence

High

EPSS

0.004

Percentile

73.5%