Name | CVE-2015-7703 |
Description | The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-335-1, DSA-3388-1 |
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|---|---|---|
ntp (PTS) | jessie, jessie (lts) | 1:4.2.6.p5+dfsg-7+deb8u3 | fixed |
stretch | 1:4.2.8p10+dfsg-3+deb9u2 | fixed | |
buster, buster (lts) | 1:4.2.8p12+dfsg-4+deb10u1 | fixed | |
bullseye | 1:4.2.8p15+dfsg-1 | fixed |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
ntp | source | squeeze | 1:4.2.6.p2+dfsg-1+deb6u4 | DLA-335-1 | ||
ntp | source | wheezy | 1:4.2.6.p5+dfsg-2+deb7u6 | DSA-3388-1 | ||
ntp | source | jessie | 1:4.2.6.p5+dfsg-7+deb8u1 | DSA-3388-1 | ||
ntp | source | (unstable) | 1:4.2.8p4+dfsg-1 |
http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
https://github.com/ntp-project/ntp/commit/5dea6ff160c7e8f7cb038619ccccd28c3a8df637
https://github.com/ntp-project/ntp/commit/cdae0f1369ade98dc7ae912a0f1953b6e533cb88