PT-2015-7643 · Ntp+3 · Ntp+4
Yves Younan · Published 2014-12-24 · Updated 2024-06-15 · CVE-2015-7851

| CVSS v3.1 | 6.5 Medium |
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
NTP versions prior to 4.2.8p4
Description
A directory traversal vulnerability in the save config function in ntpd allows remote authenticated users to overwrite arbitrary files. This vulnerability is particularly relevant on systems that do not use '\' or '/' characters for directory separation, such as OpenVMS.
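The following added example (not ntpd's code and not part of the original advisory) shows why a file name check keyed only on '\' and '/' is insufficient on a platform such as OpenVMS, and contrasts it with an allowlist that accepts only a bare file name. The function names, the 64-character limit and the sample names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Denylist check: rejects only the separators used on Unix and Windows. */
static int slash_only_check(const char *name)
{
    return name[0] != '\0' && strpbrk(name, "/\\") == NULL;
}

/* Allowlist check: accept a bare file name made only of letters, digits,
 * '_' and '-', with at most one '.' that is neither first nor last.
 * Any character that could act as a separator on any platform is rejected. */
static int bare_filename_check(const char *name)
{
    size_t len = strlen(name), i;
    int dots = 0;

    if (len == 0 || len > 64)          /* 64 is an assumed length limit */
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '.') {
            if (i == 0 || i == len - 1 || ++dots > 1)
                return 0;
        } else if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                     (c >= '0' && c <= '9') || c == '_' || c == '-')) {
            return 0;
        }
    }
    return 1;
}

int main(void)
{
    /* Constructed sample names; the OpenVMS ones use ':' '[' ']' syntax. */
    const char *samples[] = {
        "ntp_saved.conf", "../ntp.conf",
        "SYS$SYSDEVICE:[000000]NTP.CONF", "[-]NTP.CONF"
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-32s slash-only=%d allowlist=%d\n", samples[i],
               slash_only_check(samples[i]), bare_filename_check(samples[i]));
    return 0;
}
```

The two OpenVMS-style names pass the slash-only check because they contain neither '/' nor '\', while the allowlist rejects them along with the Unix-style traversal.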
Recommendations
Update NTP to version 4.2.8p4 or later to resolve the issue. As a temporary workaround, consider restricting access to the save config function in ntpd to minimize the risk of exploitation.
Exploit
Fix
DoS
Path traversal
Affected Products
ALT Linux
Cisco IOS XE
Cisco Nexus
NTP
SUSE