CVE-2015-7976

MEDIUM

NTP <4.2.8p6-4.3.77 - Info Disclosure

Title source: llm

Description

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.

References (17)

Core References
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-3096-1
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034782
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/718152
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
Vendor Advisory x_refsource_confirm
http://support.ntp.org/bin/view/Main/NtpBug2938
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20171031-0001/
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html
Various Sources vendor-advisory x_refsource_freebsd
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
Third Party Advisory x_refsource_confirm
https://bto.bluecoat.com/security-advisory/sa113
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201607-15

Scores

CVSS v3 4.3
EPSS 0.0317
EPSS Percentile 87.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-254
Status published
Products (50)
novell/suse_openstack_cloud 5
ntp/ntp 4.1.2
ntp/ntp 4.3.0
ntp/ntp 4.3.1
ntp/ntp 4.3.2
ntp/ntp 4.3.3
ntp/ntp 4.3.4
ntp/ntp 4.3.5
ntp/ntp 4.3.6
ntp/ntp 4.3.7
... and 40 more
Published Jan 30, 2017
Tracked Since Feb 18, 2026