Severity: 7.5 HIGH (NVD)
EPSS: 8.1% (top 7.85%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 24; Latest update May 13

Description

The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allow remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password, to write to arbitrary files via the :config command.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (6 packages)

NVD: ntp/ntp 4.2.0 4.2.8 +2
Debian: ntp/ntp < 1:4.2.8p4+dfsg-1

Also affects: Debian Linux 7.0, 8.0, 9.0, Enterprise Linux 7.3, 7.4, 7.6, 7.7, 7.5

🔴 Vulnerability Details (3)

GHSA (2022-05-13): GHSA-p9hx-j72m-8cf4: The "pidfile" or "driftfile" directives in NTP ntpd 4
CVEList (2017-07-24): CVE-2015-7703: The "pidfile" or "driftfile" directives in NTP ntpd 4
OSV (2017-07-24): CVE-2015-7703: The "pidfile" or "driftfile" directives in NTP ntpd 4

📋 Vendor Advisories (5)

Ubuntu (2015-10-27): NTP vulnerabilities
BSD (2015-10-26): FreeBSD-SA-15:25.ntp: Multiple vulnerabilities of ntp [REVISED]
Cisco (2015-10-22): Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
Red Hat (2015-08-25): ntp: config command can be used to set the pidfile and drift file paths
Debian (2015): CVE-2015-7703: ntp - The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4....

💬 Community (1)

Bugzilla (2015-08-18): CVE-2015-7703 ntp: config command can be used to set the pidfile and drift file paths
CVE-2015-7703 — Improper Input Validation in NTP | cvebase