CVE-2016-0727

2016-01-2200:00:00

ubuntu.com

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

13.1%

JSON

The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on
Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04
LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04
LTS allows local users with access to the ntp account to write to arbitrary
files and consequently gain privileges via vectors involving statistics
directory cleanup.

Bugs

<https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1528050>

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchntp< 1:4.2.6.p3+dfsg-1ubuntu3.11UNKNOWN
ubuntu14.04noarchntp< 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10UNKNOWN
ubuntu16.04noarchntp< 1:4.2.8p4+dfsg-3ubuntu5.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	ntp	< 1:4.2.6.p3+dfsg-1ubuntu3.11	UNKNOWN
ubuntu	14.04	noarch	ntp	< 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10	UNKNOWN
ubuntu	16.04	noarch	ntp	< 1:4.2.8p4+dfsg-3ubuntu5.3	UNKNOWN