github - ghsa-p9hx-j72m-8cf4

ghsa-p9hx-j72m-8cf4

Vulnerability from github

Published

2022-05-13 01:25

Modified

2022-05-13 01:25

Severity

7.5 (High) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-7703"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-24T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "The \"pidfile\" or \"driftfile\" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.",
  "id": "GHSA-p9hx-j72m-8cf4",
  "modified": "2022-05-13T01:25:43Z",
  "published": "2022-05-13T01:25:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7703"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1254547"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201607-15"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20171004-0001"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
    },
    {
      "type": "WEB",
      "url": "http://support.ntp.org/bin/view/Main/NtpBug2902"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2015/dsa-3388"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/77278"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033951"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cve-2015-7703

Vulnerability from cvelistv5

Published

2017-07-24 14:00

Modified

2024-08-06 07:59

Severity

Summary

References

URL	Tags
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-2583.html	vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1033951	vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/77278	vdb-entry, x_refsource_BID
http://rhn.redhat.com/errata/RHSA-2016-0780.html	vendor-advisory, x_refsource_REDHAT
http://support.ntp.org/bin/view/Main/NtpBug2902	x_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3388	vendor-advisory, x_refsource_DEBIAN
https://bugzilla.redhat.com/show_bug.cgi?id=1254547	x_refsource_CONFIRM
https://security.gentoo.org/glsa/201607-15	vendor-advisory, x_refsource_GENTOO
https://security.netapp.com/advisory/ntap-20171004-0001/	x_refsource_CONFIRM

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website