CVE-2015-7703

MEDIUM

Description

The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.

References

http://rhn.redhat.com/errata/RHSA-2016-0780.html

http://rhn.redhat.com/errata/RHSA-2016-2583.html

http://support.ntp.org/bin/view/Main/NtpBug2902

http://www.debian.org/security/2015/dsa-3388

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.securityfocus.com/bid/77278

http://www.securitytracker.com/id/1033951

https://bugzilla.redhat.com/show_bug.cgi?id=1254547

https://security.gentoo.org/glsa/201607-15

https://security.netapp.com/advisory/ntap-20171004-0001/

Details

Source: MITRE

Published: 2017-07-24

Updated: 2020-06-18

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*

cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*

cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*

Configuration 5

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Tenable Plugins

View all (27 total)

IDNameProductFamilySeverity
125009EulerOS Virtualization 3.0.1.0 : ntp (EulerOS-SA-2019-1556)NessusHuawei Local Security Checks
high
106497pfSense < 2.2.5 Multiple Vulnerabilities (SA-15_08)NessusFirewalls
high
99822EulerOS 2.0 SP1 : ntp (EulerOS-SA-2016-1060)NessusHuawei Local Security Checks
medium
95850Scientific Linux Security Update : ntp on SL7.x x86_64 (20161103)NessusScientific Linux Local Security Checks
medium
95330CentOS 7 : ntp (CESA-2016:2583)NessusCentOS Local Security Checks
medium
94705Oracle Linux 7 : ntp (ELSA-2016-2583)NessusOracle Linux Local Security Checks
medium
94546RHEL 7 : ntp (RHSA-2016:2583)NessusRed Hat Local Security Checks
medium
93186SUSE SLES10 Security Update : ntp (SUSE-SU-2016:1912-1)NessusSuSE Local Security Checks
high
92485GLSA-201607-15 : NTP: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
91539Scientific Linux Security Update : ntp on SL6.x i386/x86_64 (20160510)NessusScientific Linux Local Security Checks
medium
91419OracleVM 3.3 / 3.4 : ntp (OVMSA-2016-0082)NessusOracleVM Local Security Checks
medium
91403openSUSE Security Update : ntp (openSUSE-2016-649)NessusSuSE Local Security Checks
high
91315F5 Networks BIG-IP : NTP vulnerability (K17529)NessusF5 Networks Local Security Checks
medium
91248SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1311-1)NessusSuSE Local Security Checks
high
91169CentOS 6 : ntp (CESA-2016:0780)NessusCentOS Local Security Checks
medium
91151Oracle Linux 6 : ntp (ELSA-2016-0780)NessusOracle Linux Local Security Checks
medium
91076RHEL 6 : ntp (RHSA-2016:0780)NessusRed Hat Local Security Checks
medium
90991SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1247-1)NessusSuSE Local Security Checks
high
89288Fedora 21 : ntp-4.2.6p5-34.fc21 (2015-77bfbc1bcd)NessusFedora Local Security Checks
high
87010SUSE SLED11 / SLES11 Security Update : ntp (SUSE-SU-2015:2058-1)NessusSuSE Local Security Checks
high
86964openSUSE Security Update : ntp (openSUSE-2015-767)NessusSuSE Local Security Checks
high
86682Debian DSA-3388-1 : ntp - security updateNessusDebian Local Security Checks
high
86640Debian DLA-335-1 : ntp security updateNessusDebian Local Security Checks
high
86631Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p4 Multiple VulnerabilitiesNessusMisc.
high
86630Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : ntp vulnerabilities (USN-2783-1)NessusUbuntu Local Security Checks
high
86519FreeBSD : ntp -- 13 low- and medium-severity vulnerabilities (c4a18a12-77fc-11e5-a687-206a8a720317)NessusFreeBSD Local Security Checks
high
85751Amazon Linux AMI : ntp (ALAS-2015-593)NessusAmazon Linux Local Security Checks
medium