CVE-2015-7703MEDIUM
Description
The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.
References
http://rhn.redhat.com/errata/RHSA-2016-0780.html
http://rhn.redhat.com/errata/RHSA-2016-2583.html
http://support.ntp.org/bin/view/Main/NtpBug2902
http://www.debian.org/security/2015/dsa-3388
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.securityfocus.com/bid/77278
http://www.securitytracker.com/id/1033951
https://bugzilla.redhat.com/show_bug.cgi?id=1254547
Details
Source: MITRE
Published: 2017-07-24
Updated: 2020-06-18
Type: CWE-20
Risk Information
CVSS v2.0
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.0
Base Score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*
Configuration 2
OR
Configuration 3
OR
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Configuration 4
OR
cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*
Configuration 5
OR
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 125009 | EulerOS Virtualization 3.0.1.0 : ntp (EulerOS-SA-2019-1556) | Nessus | Huawei Local Security Checks | high |
| 106497 | pfSense < 2.2.5 Multiple Vulnerabilities (SA-15_08) | Nessus | Firewalls | high |
| 99822 | EulerOS 2.0 SP1 : ntp (EulerOS-SA-2016-1060) | Nessus | Huawei Local Security Checks | medium |
| 95850 | Scientific Linux Security Update : ntp on SL7.x x86_64 (20161103) | Nessus | Scientific Linux Local Security Checks | medium |
| 95330 | CentOS 7 : ntp (CESA-2016:2583) | Nessus | CentOS Local Security Checks | medium |
| 94705 | Oracle Linux 7 : ntp (ELSA-2016-2583) | Nessus | Oracle Linux Local Security Checks | medium |
| 94546 | RHEL 7 : ntp (RHSA-2016:2583) | Nessus | Red Hat Local Security Checks | medium |
| 93186 | SUSE SLES10 Security Update : ntp (SUSE-SU-2016:1912-1) | Nessus | SuSE Local Security Checks | high |
| 92485 | GLSA-201607-15 : NTP: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 91539 | Scientific Linux Security Update : ntp on SL6.x i386/x86_64 (20160510) | Nessus | Scientific Linux Local Security Checks | medium |
| 91419 | OracleVM 3.3 / 3.4 : ntp (OVMSA-2016-0082) | Nessus | OracleVM Local Security Checks | medium |
| 91403 | openSUSE Security Update : ntp (openSUSE-2016-649) | Nessus | SuSE Local Security Checks | high |
| 91315 | F5 Networks BIG-IP : NTP vulnerability (K17529) | Nessus | F5 Networks Local Security Checks | medium |
| 91248 | SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1311-1) | Nessus | SuSE Local Security Checks | high |
| 91169 | CentOS 6 : ntp (CESA-2016:0780) | Nessus | CentOS Local Security Checks | medium |
| 91151 | Oracle Linux 6 : ntp (ELSA-2016-0780) | Nessus | Oracle Linux Local Security Checks | medium |
| 91076 | RHEL 6 : ntp (RHSA-2016:0780) | Nessus | Red Hat Local Security Checks | medium |
| 90991 | SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1247-1) | Nessus | SuSE Local Security Checks | high |
| 89288 | Fedora 21 : ntp-4.2.6p5-34.fc21 (2015-77bfbc1bcd) | Nessus | Fedora Local Security Checks | high |
| 87010 | SUSE SLED11 / SLES11 Security Update : ntp (SUSE-SU-2015:2058-1) | Nessus | SuSE Local Security Checks | high |
| 86964 | openSUSE Security Update : ntp (openSUSE-2015-767) | Nessus | SuSE Local Security Checks | high |
| 86682 | Debian DSA-3388-1 : ntp - security update | Nessus | Debian Local Security Checks | high |
| 86640 | Debian DLA-335-1 : ntp security update | Nessus | Debian Local Security Checks | high |
| 86631 | Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p4 Multiple Vulnerabilities | Nessus | Misc. | high |
| 86630 | Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : ntp vulnerabilities (USN-2783-1) | Nessus | Ubuntu Local Security Checks | high |
| 86519 | FreeBSD : ntp -- 13 low- and medium-severity vulnerabilities (c4a18a12-77fc-11e5-a687-206a8a720317) | Nessus | FreeBSD Local Security Checks | high |
| 85751 | Amazon Linux AMI : ntp (ALAS-2015-593) | Nessus | Amazon Linux Local Security Checks | medium |