PT-2016-3111 · Nts+1 · Ntp+1

Adam Mariš · Published 2016-01-22 · Updated 2017-04-20 · CVE-2016-0727

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ntp versions prior to 1:4.2.6.p3+dfsg-1ubuntu3.11
ntp versions prior to 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10
ntp versions prior to 1:4.2.8p4+dfsg-3ubuntu5.3

Description

The issue is related to the crontab script in the ntp package, which allows local users with access to the ntp account to write to arbitrary files and gain privileges via vectors involving statistics directory cleanup. This is due to insufficient access control.

Recommendations

For versions prior to 1:4.2.6.p3+dfsg-1ubuntu3.11, update to version 1:4.2.6.p3+dfsg-1ubuntu3.11 or later.
For versions prior to 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10, update to version 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 or later.
For versions prior to 1:4.2.8p4+dfsg-3ubuntu5.3, update to version 1:4.2.8p4+dfsg-3ubuntu5.3 or later.

Exploit

Fix

Weakness Enumeration

Related Identifiers

BDU:2017-01267
CVE-2016-0727
USN-3096-1

Affected Products

Ubuntu
Ntp