Description
The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.
References (10)
Core 10
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-0780.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201607-15
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20171004-0001/
Third Party Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2583.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1033951
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/77278
Vendor Advisory x_refsource_confirm
http://support.ntp.org/bin/view/Main/NtpBug2902
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3388
Issue Tracking, Third Party Advisory, VDB Entry x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1254547
Scores
CVSS v3
7.5
EPSS
0.0382
EPSS Percentile
88.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (28)
debian/debian_linux
7.0
debian/debian_linux
8.0
debian/debian_linux
9.0
netapp/clustered_data_ontap
netapp/data_ontap
netapp/oncommand_performance_manager
netapp/oncommand_unified_manager
ntp/ntp
4.2.8 (17 CPE variants)
ntp/ntp
4.2.0 - 4.2.8
oracle/linux
6
... and 18 more
Published
Jul 24, 2017
Tracked Since
Feb 18, 2026