CVE-2016-0727

HIGH

NTP Package <4.2.6.p3 - Privilege Escalation via Crontab Script

Title source: llm

Description

The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrary files and consequently gain privileges via vectors involving statistics directory cleanup.

Exploits (1)

exploitdb WORKING POC

by halfdog · textlocallinux

https://www.exploit-db.com/exploits/41764

View Code ZIP pw:eip

References (6)

Core 6

Core References

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-3096-1

Issue Tracking x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=1382369

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1034808

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/141913/NTP-Privilege-Escalation.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/81552

Issue Tracking, Patch, Vendor Advisory x_refsource_confirm

https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1528050

Scores

CVSS v3 7.8

EPSS 0.0089

EPSS Percentile 75.5%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-264

Status published

Products (3)

canonical/ubuntu_linux 12.04

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

Published Apr 14, 2017

Tracked Since Feb 18, 2026