Lucene search

K

PRIOn knowledge basePRION:CVE-2015-7976

HistoryJan 30, 2017 - 9:59 p.m.

Design/Logic Flaw

2017-01-3021:59:00

PRIOn knowledge base

www.prio-n.com

4

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

6.9 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.9%

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.

CPENameOperatorVersion
suse_openstack_cloudeq5
ntpeq4.1.2
ntple4.2.8
ntpeq4.3.80
ntpeq4.3.51
ntpeq4.3.17
ntpeq4.3.30
ntpeq4.3.74
ntpeq4.3.67
ntpeq4.3.14

Rows per page:

1-10 of 1081

References

lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html

lists.opensuse.org/opensuse-updates/2016-05/msg00114.html

support.ntp.org/bin/view/Main/NtpBug2938

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd

www.securitytracker.com/id/1034782

www.ubuntu.com/usn/USN-3096-1

bto.bluecoat.com/security-advisory/sa113

security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc

security.gentoo.org/glsa/201607-15

security.netapp.com/advisory/ntap-20171031-0001/

www.kb.cert.org/vuls/id/718152

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

6.9 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.9%

Related for PRION:CVE-2015-7976

cve1 talos1 debiancve1 f52 ubuntucve1 nessus18 openvas19 paloalto1 mageia1 slackware1 freebsd1 freebsd_advisory1 cisco1 rosalinux1 suse7 symantec1 cloudfoundry1 ubuntu1 ibm2 cert1 gentoo1