CVE-2015-7851Path Traversal in NTP

CWE-22Path TraversalCWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-20Improper Input ValidationCWE-264CWE-287Improper AuthenticationCWE-39912 documents11 sources
Severity
6.5MEDIUMNVD
EPSS
0.5%
top 32.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
NTP
Timeline
PublishedJan 28
Latest updateMay 24

Description

Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDntp/ntp4.2.04.2.8+2
Debianntp/ntp< 1:4.2.8p4+dfsg-1

🔴Vulnerability Details

3
GHSA
GHSA-qp94-wj83-fxfq: Directory traversal vulnerability in the save_config function in ntpd in ntp_control2022-05-24
CVEList
CVE-2015-7851: Directory traversal vulnerability in the save_config function in ntpd in ntp_control2020-01-28
OSV
CVE-2015-7851: Directory traversal vulnerability in the save_config function in ntpd in ntp_control2020-01-28

📋Vendor Advisories

5
CISA ICS
Rockwell Automation Stratix 59002017-05-10
BSD
FreeBSD-SA-15:25.ntp: Multiple vulnerabilities of ntp [REVISED]2015-10-26
Cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 20152015-10-22
Red Hat
ntp: saveconfig directory traversal vulnerability2015-10-21
Debian
CVE-2015-7851: ntp - Directory traversal vulnerability in the save_config function in ntpd in ntp_con...2015

🕵️Threat Intelligence

2
Talos
Cisco Identifies Multiple Vulnerabilities in Network Time Protocol daemon (ntpd)2015-10-21
Talos
Cisco Identifies Multiple Vulnerabilities in Network Time Protocol daemon (ntpd)2015-10-21

💬Community

1
Bugzilla
CVE-2015-7851 ntp: saveconfig directory traversal vulnerability2015-10-22