CVE-2015-7703

EPSS 4.95%
Published 24.07.2017 14:29:00
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.

Affected products Warnungen 0 Metrics 3 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

Ntp ≫ Ntp Version >= 4.2.0 < 4.2.8

Ntp ≫ Ntp Version >= 4.3.0 < 4.3.77

Ntp ≫ Ntp Version4.2.8 Update-

Ntp ≫ Ntp Version4.2.8 Updatep1

Ntp ≫ Ntp Version4.2.8 Updatep1-beta1

Ntp ≫ Ntp Version4.2.8 Updatep1-beta2

Ntp ≫ Ntp Version4.2.8 Updatep1-beta3

Ntp ≫ Ntp Version4.2.8 Updatep1-beta4

Ntp ≫ Ntp Version4.2.8 Updatep1-beta5

Ntp ≫ Ntp Version4.2.8 Updatep1-rc1

Ntp ≫ Ntp Version4.2.8 Updatep1-rc2

Ntp ≫ Ntp Version4.2.8 Updatep2

Ntp ≫ Ntp Version4.2.8 Updatep2-rc1

Ntp ≫ Ntp Version4.2.8 Updatep2-rc2

Ntp ≫ Ntp Version4.2.8 Updatep2-rc3

Ntp ≫ Ntp Version4.2.8 Updatep3

Ntp ≫ Ntp Version4.2.8 Updatep3-rc1

Ntp ≫ Ntp Version4.2.8 Updatep3-rc2

Ntp ≫ Ntp Version4.2.8 Updatep3-rc3

Oracle ≫ Linux Version6 Update-

Debian ≫ Debian Linux Version7.0

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Netapp ≫ Oncommand Performance Manager Version-

Netapp ≫ Oncommand Unified Manager Version- SwPlatformclustered_data_ontap

Netapp ≫ Clustered Data Ontap Version-

Netapp ≫ Data Ontap Version- SwPlatform7-mode

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version7.3

Redhat ≫ Enterprise Linux Server Aus Version7.4

Redhat ≫ Enterprise Linux Server Aus Version7.6

Redhat ≫ Enterprise Linux Server Aus Version7.7

Redhat ≫ Enterprise Linux Server Eus Version7.3

Redhat ≫ Enterprise Linux Server Eus Version7.4

Redhat ≫ Enterprise Linux Server Eus Version7.5

Redhat ≫ Enterprise Linux Server Eus Version7.6

Redhat ≫ Enterprise Linux Server Eus Version7.7

Redhat ≫ Enterprise Linux Server Tus Version7.3

Redhat ≫ Enterprise Linux Server Tus Version7.6

Redhat ≫ Enterprise Linux Server Tus Version7.7

Redhat ≫ Enterprise Linux Workstation Version6.0

Redhat ≫ Enterprise Linux Workstation Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.95%	0.892

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Third Party Advisory

http://www.debian.org/security/2015/dsa-3388

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2583.html

Third Party Advisory

https://security.gentoo.org/glsa/201607-15

Third Party Advisory

http://www.securitytracker.com/id/1033951

Third Party Advisory

VDB Entry

https://security.netapp.com/advisory/ntap-20171004-0001/