fkie_cve-2015-7976
Vulnerability from fkie_nvd
Published
2017-01-30 21:59
Modified
2025-04-20 01:37
Summary
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2016-05/msg00114.htmlThird Party Advisory
cve@mitre.orghttp://support.ntp.org/bin/view/Main/NtpBug2938Vendor Advisory
cve@mitre.orghttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpdThird Party Advisory
cve@mitre.orghttp://www.securitytracker.com/id/1034782Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.ubuntu.com/usn/USN-3096-1Third Party Advisory
cve@mitre.orghttps://bto.bluecoat.com/security-advisory/sa113Third Party Advisory
cve@mitre.orghttps://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
cve@mitre.orghttps://security.gentoo.org/glsa/201607-15Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20171031-0001/
cve@mitre.orghttps://www.kb.cert.org/vuls/id/718152Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.ntp.org/bin/view/Main/NtpBug2938Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpdThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1034782Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-3096-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bto.bluecoat.com/security-advisory/sa113Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201607-15Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20171031-0001/
af854a3a-2127-422b-91ae-364da2661108https://www.kb.cert.org/vuls/id/718152Third Party Advisory, US Government Resource
Impacted products
Vendor Product Version
ntp ntp 4.1.2
ntp ntp *
ntp ntp 4.3.0
ntp ntp 4.3.1
ntp ntp 4.3.2
ntp ntp 4.3.3
ntp ntp 4.3.4
ntp ntp 4.3.5
ntp ntp 4.3.6
ntp ntp 4.3.7
ntp ntp 4.3.8
ntp ntp 4.3.9
ntp ntp 4.3.10
ntp ntp 4.3.11
ntp ntp 4.3.12
ntp ntp 4.3.13
ntp ntp 4.3.14
ntp ntp 4.3.15
ntp ntp 4.3.16
ntp ntp 4.3.17
ntp ntp 4.3.18
ntp ntp 4.3.19
ntp ntp 4.3.20
ntp ntp 4.3.21
ntp ntp 4.3.22
ntp ntp 4.3.23
ntp ntp 4.3.24
ntp ntp 4.3.25
ntp ntp 4.3.26
ntp ntp 4.3.27
ntp ntp 4.3.28
ntp ntp 4.3.29
ntp ntp 4.3.30
ntp ntp 4.3.31
ntp ntp 4.3.32
ntp ntp 4.3.33
ntp ntp 4.3.34
ntp ntp 4.3.35
ntp ntp 4.3.36
ntp ntp 4.3.37
ntp ntp 4.3.38
ntp ntp 4.3.39
ntp ntp 4.3.40
ntp ntp 4.3.41
ntp ntp 4.3.42
ntp ntp 4.3.43
ntp ntp 4.3.44
ntp ntp 4.3.45
ntp ntp 4.3.46
ntp ntp 4.3.47
ntp ntp 4.3.48
ntp ntp 4.3.49
ntp ntp 4.3.50
ntp ntp 4.3.51
ntp ntp 4.3.52
ntp ntp 4.3.53
ntp ntp 4.3.54
ntp ntp 4.3.55
ntp ntp 4.3.56
ntp ntp 4.3.57
ntp ntp 4.3.58
ntp ntp 4.3.59
ntp ntp 4.3.60
ntp ntp 4.3.61
ntp ntp 4.3.62
ntp ntp 4.3.63
ntp ntp 4.3.64
ntp ntp 4.3.65
ntp ntp 4.3.66
ntp ntp 4.3.67
ntp ntp 4.3.68
ntp ntp 4.3.69
ntp ntp 4.3.70
ntp ntp 4.3.71
ntp ntp 4.3.72
ntp ntp 4.3.73
ntp ntp 4.3.74
ntp ntp 4.3.75
ntp ntp 4.3.76
ntp ntp 4.3.77
ntp ntp 4.3.78
ntp ntp 4.3.79
ntp ntp 4.3.80
ntp ntp 4.3.81
ntp ntp 4.3.82
ntp ntp 4.3.83
ntp ntp 4.3.84
ntp ntp 4.3.85
ntp ntp 4.3.86
ntp ntp 4.3.87
ntp ntp 4.3.88
ntp ntp 4.3.89
suse linux_enterprise_debuginfo 11
suse linux_enterprise_debuginfo 11
suse linux_enterprise_debuginfo 11
suse manager 2.1
suse manager_proxy 2.1
novell suse_openstack_cloud 5
opensuse leap 42.1
opensuse opensuse 13.2
suse linux_enterprise_desktop 12
suse linux_enterprise_desktop 12
suse linux_enterprise_server 10
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 12
suse suse_linux_enterprise_server 12



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB90A3FB-B107-46CF-A846-48EE0EDF637A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ntp:ntp:*:p5:*:*:*:*:*:*",
              "matchCriteriaId": "99442254-E77A-43F7-8A9B-FC918AC336A6",
              "versionEndIncluding": "4.2.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23D9009-DF45-44C1-80DF-CEEC9B9E3F20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "43921601-667E-4415-83BE-E5B39D969BD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "75DD9C02-0C46-4785-8D77-C5465E4ED967",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A497BADE-0516-494F-89FA-EAFC6AD17F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4298439A-EAF2-4CAA-990B-4AA37E7A0E8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "30E9C822-C04A-4908-9596-76F9FB561206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "842963D1-C78C-48B5-A8D2-BC018854E5CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "121ED6C5-8985-4DEF-9040-2AC63582E596",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "68499DA4-64EF-412F-A434-8E0F78D77CE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "836C5AC9-463F-4703-81B9-7B5484F47A5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED14811-8F49-4796-BADD-DB7973EC32DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4EB2830-ADE5-4C87-964E-16748BF88EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C0284FD-2933-4160-80D2-53B32CD73287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9AB963A-7284-433F-9890-5AE402E4E000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEDEFF7A-D964-4D9A-93BF-41E9D16EA793",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C434153-911C-4F07-ADD0-0EAB47F96E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8183B043-8B96-4A8B-A5C9-544D4F1CED8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE349AB-44CB-4263-80CE-59DFD572B363",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DB55DF6-567F-4B6A-81E1-9013914416D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "80727B0B-AB5E-46CC-9DDF-F319C2D9B242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0755962-2D5F-41E6-9BDB-C2ECBCCD2818",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "A202FDAD-D757-4850-9D1E-C31B0F3BA718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4069EF5-DC7D-4487-8636-AC2EAB17BAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "73DF3A5C-F1D9-468E-BD08-5E2578898DEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "0858AE44-4B0A-4941-B4A8-937B557D1448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "979C84FF-CB21-4819-B3CA-1A55FDF20BD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "94709B39-C394-4B44-A362-9429F4CB9D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E4526AC-6BCC-43A5-B501-263D0ED0655B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "E04FF6B4-CD1C-4AC1-B286-D6AB705D680B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BA130B1-DD20-4E98-963F-61E85A09E29E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AAC9B73-5020-47C9-803E-ABB6162AADE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A6B7B5-3AC9-4442-BD91-3783C2B4235C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "D72F5C09-520B-486C-AD9A-9CBBFE6487CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "097DED37-D3F3-45C4-B131-1C4294406722",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "85A4F607-0A9D-4F84-B50D-28C54E6EDC06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C689CAF-632A-4FF2-8C86-541EEDD574E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "E09C8254-73DC-4AFA-A250-A8192DC917F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "D344FA12-3C5F-418B-9209-EA8BDD230074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*",
              "matchCriteriaId": "073A0AFF-C5C6-422E-BD63-2353AA4B58E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "59B5DA29-4139-405D-8AA8-23FAECBBC5CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F4D15D-6D2A-4730-B7CF-21284E92FEFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A0C6AB-813F-4417-A98E-33FBB7AAB939",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "815ABF0E-ED94-4426-8889-D3C2AECACC26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "894612F1-8C51-4F66-AFE7-D8077F63E562",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "63FD3D1E-08F8-4C7F-876C-47E88386B83E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "E21A12E6-0802-4BDC-AF71-50D7D0433B87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7EE44A-7D8B-41A5-82A6-04AEE50278CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "6862529A-1AE5-4E2D-A4B0-E351D1900C64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C6B6711-0F75-4FEA-8917-04391FC9D378",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE639D9-0B1E-4DFB-B275-D11665FDA4AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "B35E9C41-0F2A-4790-B996-8EC00FA863F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "28BAB268-3A70-4422-9C6C-49E6453D750D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A5960F1-DDA9-4885-952F-450EC00B5C9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "E725D449-BBC2-40E3-BF53-D9BF7B4F57D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "B10975CB-56EB-44D0-BDEF-60484B6BD85E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*",
              "matchCriteriaId": "16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF9D7AD6-6BDB-4519-B9F8-3181E21850FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*",
              "matchCriteriaId": "B061FF9A-0D00-429D-9B2F-14EEA41E7A33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6CB0260-2A96-41A8-81A0-8E9722B22D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE037065-9E33-4A5A-8188-1F086D7BE394",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "70200031-5902-416D-A140-DC2CDFDAF683",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "575C5F15-2C16-4B39-A718-1641DDD88F84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "42631437-772B-45E0-A1F3-5D9E2FC77D19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA9E62EF-E21F-421F-9A57-54A551CEC441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "871E046E-013A-4E10-9457-4D1F407519EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5E4B06F-AD55-4D61-B966-B38B854C0A75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*",
              "matchCriteriaId": "19817731-42C2-4745-88F2-D27258FC7DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "77479EEE-F81B-4653-8FAD-0AFBA3C71B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "0208619E-9179-46D9-8E47-6CB5B4046DF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CC16904-03FC-42B2-89F0-CA0D59A5FB91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E3980D1-54F1-4C2F-B140-B2F18D8958A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C845718-520A-42CB-9BA7-00723694A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*",
              "matchCriteriaId": "431DA557-0977-43C2-8DEF-127B1BAA9F46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*",
              "matchCriteriaId": "733C0A5D-3A0A-4449-9DE0-BD06D4942799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9E5DAD5-465A-4A53-856A-1F674723EB00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D5900A25-FDD7-4900-BF7C-F3ECCB714D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "58D3B6FD-B474-4B09-B644-A8634A629280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F892F1B0-514C-42F7-90AE-12ACDFDC1033",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD4EEF7C-CC33-4494-8531-7C0CC28A8823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CBED083-B935-4C47-BBDA-F39D8EA277ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:novell:suse_openstack_cloud:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "74268F7D-058C-4E84-9D7E-3853A95918BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1EB0F28-F23A-4969-8A3E-66DA2EFA40C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*",
              "matchCriteriaId": "35BBD83D-BDC7-4678-BE94-639F59281139",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
              "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
              "matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C649194-B8C2-49F7-A819-C635EE584ABF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename."
    },
    {
      "lang": "es",
      "value": "El comando savconfig ntpq en NTP 4.1.2, 4.2.x en versiones anteriores a 4.2.8p6, 4.3, 4.3.25, 4.3.70 y 4.3.77 no filtra adecuadamente caracteres especiales, lo que permite a atacantes causar un impacto no especificado a trav\u00e9s de un nombre de archivo manipulado."
    }
  ],
  "id": "CVE-2015-7976",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-30T21:59:00.330",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/NtpBug2938"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034782"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-3096-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bto.bluecoat.com/security-advisory/sa113"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201607-15"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/718152"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/NtpBug2938"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034782"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-3096-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bto.bluecoat.com/security-advisory/sa113"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201607-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/718152"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-254"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…