Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2015-7703

Опубликовано: 24 июл. 2017
Источник: debian
EPSS Низкий

Описание

The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ntpfixed1:4.2.8p4+dfsg-1package

Примечания

  • http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner

  • https://github.com/ntp-project/ntp/commit/5dea6ff160c7e8f7cb038619ccccd28c3a8df637

  • https://github.com/ntp-project/ntp/commit/cdae0f1369ade98dc7ae912a0f1953b6e533cb88

EPSS

Процентиль: 89%
0.04949
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2015-7703

CVSS3: 7.5
ubuntu
около 8 лет назад

The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.

redhat логотип

CVE-2015-7703

redhat
почти 10 лет назад

The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.

nvd логотип

CVE-2015-7703

CVSS3: 7.5
nvd
около 8 лет назад

The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.

github логотип

GHSA-p9hx-j72m-8cf4

CVSS3: 7.5
github
больше 3 лет назад

The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.

oracle-oval логотип

ELSA-2016-0780

oracle-oval
больше 9 лет назад

ELSA-2016-0780: ntp security and bug fix update (MODERATE)

EPSS

Процентиль: 89%
0.04949
Низкий