CVE-2015-7703

MEDIUM

Description

The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.

ID	Name	Product	Family	Severity
125009	EulerOS Virtualization 3.0.1.0 : ntp (EulerOS-SA-2019-1556)	Nessus	Huawei Local Security Checks	high
106497	pfSense < 2.2.5 Multiple Vulnerabilities (SA-15_08)	Nessus	Firewalls	high
99822	EulerOS 2.0 SP1 : ntp (EulerOS-SA-2016-1060)	Nessus	Huawei Local Security Checks	medium
95850	Scientific Linux Security Update : ntp on SL7.x x86_64 (20161103)	Nessus	Scientific Linux Local Security Checks	medium
95330	CentOS 7 : ntp (CESA-2016:2583)	Nessus	CentOS Local Security Checks	medium
94705	Oracle Linux 7 : ntp (ELSA-2016-2583)	Nessus	Oracle Linux Local Security Checks	medium
94546	RHEL 7 : ntp (RHSA-2016:2583)	Nessus	Red Hat Local Security Checks	medium
93186	SUSE SLES10 Security Update : ntp (SUSE-SU-2016:1912-1)	Nessus	SuSE Local Security Checks	high
92485	GLSA-201607-15 : NTP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
91539	Scientific Linux Security Update : ntp on SL6.x i386/x86_64 (20160510)	Nessus	Scientific Linux Local Security Checks	medium
91419	OracleVM 3.3 / 3.4 : ntp (OVMSA-2016-0082)	Nessus	OracleVM Local Security Checks	medium
91403	openSUSE Security Update : ntp (openSUSE-2016-649)	Nessus	SuSE Local Security Checks	high
91315	F5 Networks BIG-IP : NTP vulnerability (K17529)	Nessus	F5 Networks Local Security Checks	medium
91248	SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1311-1)	Nessus	SuSE Local Security Checks	high
91169	CentOS 6 : ntp (CESA-2016:0780)	Nessus	CentOS Local Security Checks	medium
91151	Oracle Linux 6 : ntp (ELSA-2016-0780)	Nessus	Oracle Linux Local Security Checks	medium
91076	RHEL 6 : ntp (RHSA-2016:0780)	Nessus	Red Hat Local Security Checks	medium
90991	SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1247-1)	Nessus	SuSE Local Security Checks	high
89288	Fedora 21 : ntp-4.2.6p5-34.fc21 (2015-77bfbc1bcd)	Nessus	Fedora Local Security Checks	high
87010	SUSE SLED11 / SLES11 Security Update : ntp (SUSE-SU-2015:2058-1)	Nessus	SuSE Local Security Checks	high
86964	openSUSE Security Update : ntp (openSUSE-2015-767)	Nessus	SuSE Local Security Checks	high
86682	Debian DSA-3388-1 : ntp - security update	Nessus	Debian Local Security Checks	high
86640	Debian DLA-335-1 : ntp security update	Nessus	Debian Local Security Checks	high
86631	Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p4 Multiple Vulnerabilities	Nessus	Misc.	high
86630	Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : ntp vulnerabilities (USN-2783-1)	Nessus	Ubuntu Local Security Checks	high
86519	FreeBSD : ntp -- 13 low- and medium-severity vulnerabilities (c4a18a12-77fc-11e5-a687-206a8a720317)	Nessus	FreeBSD Local Security Checks	high
85751	Amazon Linux AMI : ntp (ALAS-2015-593)	Nessus	Amazon Linux Local Security Checks	medium

CVE-2015-7703

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0