CVE-2015-7851

Published: 28 January 2020

Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
ntp
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable

Patches:
Upstream: https://github.com/ntp-project/ntp/commit/184516e143ce4448ddb5b9876dd372008cc779f6