FKIE_CVE-2015-7976

Vulnerability from fkie_nvd - Published: 2017-01-30 21:59 - Updated: 2025-04-20 01:37
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2016-05/msg00114.htmlThird Party Advisory
cve@mitre.orghttp://support.ntp.org/bin/view/Main/NtpBug2938Vendor Advisory
cve@mitre.orghttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpdThird Party Advisory
cve@mitre.orghttp://www.securitytracker.com/id/1034782Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.ubuntu.com/usn/USN-3096-1Third Party Advisory
cve@mitre.orghttps://bto.bluecoat.com/security-advisory/sa113Third Party Advisory
cve@mitre.orghttps://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
cve@mitre.orghttps://security.gentoo.org/glsa/201607-15Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20171031-0001/
cve@mitre.orghttps://www.kb.cert.org/vuls/id/718152Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.ntp.org/bin/view/Main/NtpBug2938Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpdThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1034782Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-3096-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bto.bluecoat.com/security-advisory/sa113Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201607-15Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20171031-0001/
af854a3a-2127-422b-91ae-364da2661108https://www.kb.cert.org/vuls/id/718152Third Party Advisory, US Government Resource
Impacted products
Vendor Product Version
ntp ntp 4.1.2
ntp ntp *
ntp ntp 4.3.0
ntp ntp 4.3.1
ntp ntp 4.3.2
ntp ntp 4.3.3
ntp ntp 4.3.4
ntp ntp 4.3.5
ntp ntp 4.3.6
ntp ntp 4.3.7
ntp ntp 4.3.8
ntp ntp 4.3.9
ntp ntp 4.3.10
ntp ntp 4.3.11
ntp ntp 4.3.12
ntp ntp 4.3.13
ntp ntp 4.3.14
ntp ntp 4.3.15
ntp ntp 4.3.16
ntp ntp 4.3.17
ntp ntp 4.3.18
ntp ntp 4.3.19
ntp ntp 4.3.20
ntp ntp 4.3.21
ntp ntp 4.3.22
ntp ntp 4.3.23
ntp ntp 4.3.24
ntp ntp 4.3.25
ntp ntp 4.3.26
ntp ntp 4.3.27
ntp ntp 4.3.28
ntp ntp 4.3.29
ntp ntp 4.3.30
ntp ntp 4.3.31
ntp ntp 4.3.32
ntp ntp 4.3.33
ntp ntp 4.3.34
ntp ntp 4.3.35
ntp ntp 4.3.36
ntp ntp 4.3.37
ntp ntp 4.3.38
ntp ntp 4.3.39
ntp ntp 4.3.40
ntp ntp 4.3.41
ntp ntp 4.3.42
ntp ntp 4.3.43
ntp ntp 4.3.44
ntp ntp 4.3.45
ntp ntp 4.3.46
ntp ntp 4.3.47
ntp ntp 4.3.48
ntp ntp 4.3.49
ntp ntp 4.3.50
ntp ntp 4.3.51
ntp ntp 4.3.52
ntp ntp 4.3.53
ntp ntp 4.3.54
ntp ntp 4.3.55
ntp ntp 4.3.56
ntp ntp 4.3.57
ntp ntp 4.3.58
ntp ntp 4.3.59
ntp ntp 4.3.60
ntp ntp 4.3.61
ntp ntp 4.3.62
ntp ntp 4.3.63
ntp ntp 4.3.64
ntp ntp 4.3.65
ntp ntp 4.3.66
ntp ntp 4.3.67
ntp ntp 4.3.68
ntp ntp 4.3.69
ntp ntp 4.3.70
ntp ntp 4.3.71
ntp ntp 4.3.72
ntp ntp 4.3.73
ntp ntp 4.3.74
ntp ntp 4.3.75
ntp ntp 4.3.76
ntp ntp 4.3.77
ntp ntp 4.3.78
ntp ntp 4.3.79
ntp ntp 4.3.80
ntp ntp 4.3.81
ntp ntp 4.3.82
ntp ntp 4.3.83
ntp ntp 4.3.84
ntp ntp 4.3.85
ntp ntp 4.3.86
ntp ntp 4.3.87
ntp ntp 4.3.88
ntp ntp 4.3.89
suse linux_enterprise_debuginfo 11
suse linux_enterprise_debuginfo 11
suse linux_enterprise_debuginfo 11
suse manager 2.1
suse manager_proxy 2.1
novell suse_openstack_cloud 5
opensuse leap 42.1
opensuse opensuse 13.2
suse linux_enterprise_desktop 12
suse linux_enterprise_desktop 12
suse linux_enterprise_server 10
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 12
suse suse_linux_enterprise_server 12
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB90A3FB-B107-46CF-A846-48EE0EDF637A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ntp:ntp:*:p5:*:*:*:*:*:*",
              "matchCriteriaId": "99442254-E77A-43F7-8A9B-FC918AC336A6",
              "versionEndIncluding": "4.2.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23D9009-DF45-44C1-80DF-CEEC9B9E3F20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "43921601-667E-4415-83BE-E5B39D969BD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "75DD9C02-0C46-4785-8D77-C5465E4ED967",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A497BADE-0516-494F-89FA-EAFC6AD17F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4298439A-EAF2-4CAA-990B-4AA37E7A0E8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "30E9C822-C04A-4908-9596-76F9FB561206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "842963D1-C78C-48B5-A8D2-BC018854E5CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "121ED6C5-8985-4DEF-9040-2AC63582E596",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "68499DA4-64EF-412F-A434-8E0F78D77CE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "836C5AC9-463F-4703-81B9-7B5484F47A5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED14811-8F49-4796-BADD-DB7973EC32DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4EB2830-ADE5-4C87-964E-16748BF88EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C0284FD-2933-4160-80D2-53B32CD73287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9AB963A-7284-433F-9890-5AE402E4E000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEDEFF7A-D964-4D9A-93BF-41E9D16EA793",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C434153-911C-4F07-ADD0-0EAB47F96E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8183B043-8B96-4A8B-A5C9-544D4F1CED8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE349AB-44CB-4263-80CE-59DFD572B363",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DB55DF6-567F-4B6A-81E1-9013914416D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "80727B0B-AB5E-46CC-9DDF-F319C2D9B242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0755962-2D5F-41E6-9BDB-C2ECBCCD2818",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "A202FDAD-D757-4850-9D1E-C31B0F3BA718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4069EF5-DC7D-4487-8636-AC2EAB17BAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "73DF3A5C-F1D9-468E-BD08-5E2578898DEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "0858AE44-4B0A-4941-B4A8-937B557D1448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "979C84FF-CB21-4819-B3CA-1A55FDF20BD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "94709B39-C394-4B44-A362-9429F4CB9D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E4526AC-6BCC-43A5-B501-263D0ED0655B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "E04FF6B4-CD1C-4AC1-B286-D6AB705D680B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BA130B1-DD20-4E98-963F-61E85A09E29E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AAC9B73-5020-47C9-803E-ABB6162AADE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A6B7B5-3AC9-4442-BD91-3783C2B4235C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "D72F5C09-520B-486C-AD9A-9CBBFE6487CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "097DED37-D3F3-45C4-B131-1C4294406722",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "85A4F607-0A9D-4F84-B50D-28C54E6EDC06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C689CAF-632A-4FF2-8C86-541EEDD574E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "E09C8254-73DC-4AFA-A250-A8192DC917F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "D344FA12-3C5F-418B-9209-EA8BDD230074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*",
              "matchCriteriaId": "073A0AFF-C5C6-422E-BD63-2353AA4B58E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "59B5DA29-4139-405D-8AA8-23FAECBBC5CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F4D15D-6D2A-4730-B7CF-21284E92FEFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A0C6AB-813F-4417-A98E-33FBB7AAB939",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "815ABF0E-ED94-4426-8889-D3C2AECACC26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "894612F1-8C51-4F66-AFE7-D8077F63E562",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "63FD3D1E-08F8-4C7F-876C-47E88386B83E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "E21A12E6-0802-4BDC-AF71-50D7D0433B87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7EE44A-7D8B-41A5-82A6-04AEE50278CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "6862529A-1AE5-4E2D-A4B0-E351D1900C64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C6B6711-0F75-4FEA-8917-04391FC9D378",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE639D9-0B1E-4DFB-B275-D11665FDA4AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "B35E9C41-0F2A-4790-B996-8EC00FA863F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "28BAB268-3A70-4422-9C6C-49E6453D750D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A5960F1-DDA9-4885-952F-450EC00B5C9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "E725D449-BBC2-40E3-BF53-D9BF7B4F57D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "B10975CB-56EB-44D0-BDEF-60484B6BD85E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*",
              "matchCriteriaId": "16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF9D7AD6-6BDB-4519-B9F8-3181E21850FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*",
              "matchCriteriaId": "B061FF9A-0D00-429D-9B2F-14EEA41E7A33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6CB0260-2A96-41A8-81A0-8E9722B22D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE037065-9E33-4A5A-8188-1F086D7BE394",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "70200031-5902-416D-A140-DC2CDFDAF683",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "575C5F15-2C16-4B39-A718-1641DDD88F84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "42631437-772B-45E0-A1F3-5D9E2FC77D19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA9E62EF-E21F-421F-9A57-54A551CEC441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "871E046E-013A-4E10-9457-4D1F407519EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5E4B06F-AD55-4D61-B966-B38B854C0A75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*",
              "matchCriteriaId": "19817731-42C2-4745-88F2-D27258FC7DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "77479EEE-F81B-4653-8FAD-0AFBA3C71B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "0208619E-9179-46D9-8E47-6CB5B4046DF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CC16904-03FC-42B2-89F0-CA0D59A5FB91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E3980D1-54F1-4C2F-B140-B2F18D8958A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C845718-520A-42CB-9BA7-00723694A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*",
              "matchCriteriaId": "431DA557-0977-43C2-8DEF-127B1BAA9F46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*",
              "matchCriteriaId": "733C0A5D-3A0A-4449-9DE0-BD06D4942799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9E5DAD5-465A-4A53-856A-1F674723EB00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D5900A25-FDD7-4900-BF7C-F3ECCB714D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "58D3B6FD-B474-4B09-B644-A8634A629280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F892F1B0-514C-42F7-90AE-12ACDFDC1033",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD4EEF7C-CC33-4494-8531-7C0CC28A8823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CBED083-B935-4C47-BBDA-F39D8EA277ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:novell:suse_openstack_cloud:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "74268F7D-058C-4E84-9D7E-3853A95918BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1EB0F28-F23A-4969-8A3E-66DA2EFA40C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*",
              "matchCriteriaId": "35BBD83D-BDC7-4678-BE94-639F59281139",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
              "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
              "matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C649194-B8C2-49F7-A819-C635EE584ABF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename."
    },
    {
      "lang": "es",
      "value": "El comando savconfig ntpq en NTP 4.1.2, 4.2.x en versiones anteriores a 4.2.8p6, 4.3, 4.3.25, 4.3.70 y 4.3.77 no filtra adecuadamente caracteres especiales, lo que permite a atacantes causar un impacto no especificado a trav\u00e9s de un nombre de archivo manipulado."
    }
  ],
  "id": "CVE-2015-7976",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-30T21:59:00.330",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/NtpBug2938"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034782"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-3096-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bto.bluecoat.com/security-advisory/sa113"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201607-15"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/718152"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/NtpBug2938"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034782"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-3096-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bto.bluecoat.com/security-advisory/sa113"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201607-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/718152"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-254"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.