CVE-2015-7703: Input Validation
First published: Mon Jul 24 2017(Updated: )
The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NTP ntp | >=4.2.0<4.2.8 | |
| NTP ntp | >=4.3.0<4.3.77 | |
| NTP ntp | =4.2.8 | |
| NTP ntp | =4.2.8-p1 | |
| NTP ntp | =4.2.8-p1-beta1 | |
| NTP ntp | =4.2.8-p1-beta2 | |
| NTP ntp | =4.2.8-p1-beta3 | |
| NTP ntp | =4.2.8-p1-beta4 | |
| NTP ntp | =4.2.8-p1-beta5 | |
| NTP ntp | =4.2.8-p1-rc1 | |
| NTP ntp | =4.2.8-p1-rc2 | |
| NTP ntp | =4.2.8-p2 | |
| NTP ntp | =4.2.8-p2-rc1 | |
| NTP ntp | =4.2.8-p2-rc2 | |
| NTP ntp | =4.2.8-p2-rc3 | |
| NTP ntp | =4.2.8-p3 | |
| NTP ntp | =4.2.8-p3-rc1 | |
| NTP ntp | =4.2.8-p3-rc2 | |
| NTP ntp | =4.2.8-p3-rc3 | |
| Oracle Linux | =6 | |
| Debian GNU/Linux | =7.0 | |
| Debian GNU/Linux | =8.0 | |
| Debian GNU/Linux | =9.0 | |
| NetApp OnCommand Performance Manager | ||
| NetApp OnCommand Unified Manager | ||
| NetApp Clustered Data ONTAP | ||
| NetApp Data ONTAP 7-Mode | ||
| redhat enterprise Linux desktop | =6.0 | |
| redhat enterprise Linux desktop | =7.0 | |
| redhat enterprise Linux server | =6.0 | |
| redhat enterprise Linux server | =7.0 | |
| redhat enterprise Linux server aus | =7.3 | |
| redhat enterprise Linux server aus | =7.4 | |
| redhat enterprise Linux server aus | =7.6 | |
| redhat enterprise Linux server aus | =7.7 | |
| redhat enterprise Linux server eus | =7.3 | |
| redhat enterprise Linux server eus | =7.4 | |
| redhat enterprise Linux server eus | =7.5 | |
| redhat enterprise Linux server eus | =7.6 | |
| redhat enterprise Linux server eus | =7.7 | |
| redhat enterprise Linux server tus | =7.3 | |
| redhat enterprise Linux server tus | =7.6 | |
| redhat enterprise Linux server tus | =7.7 | |
| redhat enterprise Linux workstation | =6.0 | |
| redhat enterprise Linux workstation | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2016-0780.html
- http://rhn.redhat.com/errata/RHSA-2016-2583.html
- http://support.ntp.org/bin/view/Main/NtpBug2902
- http://www.debian.org/security/2015/dsa-3388
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/77278
- http://www.securitytracker.com/id/1033951
- https://bugzilla.redhat.com/show_bug.cgi?id=1254547
- https://security.gentoo.org/glsa/201607-15
- https://security.netapp.com/advisory/ntap-20171004-0001/
Frequently Asked Questions
What is the severity of CVE-2015-7703?
CVE-2015-7703 has a severity rating of important, as it allows remote attackers to exploit configuration settings.
How do I fix CVE-2015-7703?
To fix CVE-2015-7703, upgrade NTP to version 4.2.8p4 or higher for 4.2.x, or 4.3.77 or higher for 4.3.x.
What versions of NTP are affected by CVE-2015-7703?
CVE-2015-7703 affects NTP versions 4.2.0 to 4.2.8p3 and 4.3.0 to 4.3.76.
What kind of attacks can result from CVE-2015-7703?
CVE-2015-7703 allows attackers to perform unauthorized management actions on the NTP server due to remote configuration vulnerabilities.
Is there a workaround for CVE-2015-7703?
As a temporary workaround for CVE-2015-7703, disable remote configuration on the NTP server.
- agent/references
- agent/type
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ntp
- canonical/ntp ntp
- version/ntp ntp/4.2.0
- version/ntp ntp/4.3.0
- version/ntp ntp/4.2.8
- version/ntp ntp/4.2.8-p1
- version/ntp ntp/4.2.8-p1-beta1
- version/ntp ntp/4.2.8-p1-beta2
- version/ntp ntp/4.2.8-p1-beta3
- version/ntp ntp/4.2.8-p1-beta4
- version/ntp ntp/4.2.8-p1-beta5
- version/ntp ntp/4.2.8-p1-rc1
- version/ntp ntp/4.2.8-p1-rc2
- version/ntp ntp/4.2.8-p2
- version/ntp ntp/4.2.8-p2-rc1
- version/ntp ntp/4.2.8-p2-rc2
- version/ntp ntp/4.2.8-p2-rc3
- version/ntp ntp/4.2.8-p3
- version/ntp ntp/4.2.8-p3-rc1
- version/ntp ntp/4.2.8-p3-rc2
- version/ntp ntp/4.2.8-p3-rc3
- vendor/oracle
- canonical/oracle linux
- version/oracle linux/6
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/7.0
- version/debian gnu/linux/8.0
- version/debian gnu/linux/9.0
- vendor/netapp
- canonical/netapp oncommand performance manager
- canonical/netapp oncommand unified manager
- canonical/netapp clustered data ontap
- canonical/netapp data ontap 7-mode
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/7.3
- version/redhat enterprise linux server aus/7.4
- version/redhat enterprise linux server aus/7.6
- version/redhat enterprise linux server aus/7.7
- canonical/redhat enterprise linux server eus
- version/redhat enterprise linux server eus/7.3
- version/redhat enterprise linux server eus/7.4
- version/redhat enterprise linux server eus/7.5
- version/redhat enterprise linux server eus/7.6
- version/redhat enterprise linux server eus/7.7
- canonical/redhat enterprise linux server tus
- version/redhat enterprise linux server tus/7.3
- version/redhat enterprise linux server tus/7.6
- version/redhat enterprise linux server tus/7.7
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0
- version/redhat enterprise linux workstation/7.0