CVE-2015-7976

Published: 31 December 2015

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.

Priority

Low

CVSS 3 base score: 4.3

Status

Package Release Status
ntp
Launchpad, Ubuntu, Debian
Upstream
Released (4.2.8p6)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1:4.2.8p4+dfsg-3ubuntu5.3)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1:4.2.6.p5+dfsg-3ubuntu2.14.04.10)
Patches:
Upstream: https://github.com/ntp-project/ntp/commit/7fe04606062ed674db3b9553d32dedad29504d61
Upstream: https://github.com/ntp-project/ntp/commit/3680c2e4d5f88905ce062c7b43305d610a2c9796