CVE-2016-0727

high

Description

The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrary files and consequently gain privileges via vectors involving statistics directory cleanup.

References

Advisories
More

http://www.securitytracker.com/id/1034808

http://www.securityfocus.com/bid/81552

https://bugzilla.redhat.com/show_bug.cgi?id=1382369

https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1528050

http://www.ubuntu.com/usn/USN-3096-1

Details

Source: Mitre, NVD

Published: 2017-04-14

Updated: 2025-04-20

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00913