CVE-2015-7976
Low
Low
Medium
High
Critical
CVSS Score
Vulnerability Description
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.
Known Affected Software
123 configuration(s) from 4 vendor(s)
suse_openstack_cloud
Version:
5
CPE:
cpe:2.3:o:novell:suse_openstack_cloud:5:*:*:*:*:*:*:*
ntp
Version:
4.3.78
CPE:
cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*
ntp
Version:
4.3.75
CPE:
cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*
ntp
Version:
4.0.72
CPE:
cpe:2.3:a:ntp:ntp:4.0.72:*:*:*:*:*:*:*
ntp
Version:
4.3.70
CPE:
cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*
ntp
Version:
4.1.2
CPE:
cpe:2.3:a:ntp:ntp:4.1.2:*:*:*:*:*:*:*
ntp
Version:
4.3.6
CPE:
cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*
ntp
Version:
4.3.44
CPE:
cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*
ntp
Version:
4.2.8
CPE:
cpe:2.3:a:ntp:ntp:4.2.8:p15:*:*:*:*:*:*
ntp
Version:
4.3.26
CPE:
cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*
ntp
Version:
4.3.60
CPE:
cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*
ntp
Version:
4.0.73
CPE:
cpe:2.3:a:ntp:ntp:4.0.73:*:*:*:*:*:*:*
ntp
Version:
4.0.97
CPE:
cpe:2.3:a:ntp:ntp:4.0.97:*:*:*:*:*:*:*
ntp
Version:
4.0.98
CPE:
cpe:2.3:a:ntp:ntp:4.0.98:*:*:*:*:*:*:*
ntp
Version:
4.3.47
CPE:
cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*
ntp
Version:
4.3.35
CPE:
cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*
ntp
Version:
4.3.37
CPE:
cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*
ntp
Version:
4.2.6
CPE:
cpe:2.3:a:ntp:ntp:4.2.6:p2:*:*:*:*:*:*
ntp
Version:
4.3.58
CPE:
cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*
ntp
Version:
4.3.32
CPE:
cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*
ntp
Version:
4.3.22
CPE:
cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*
ntp
Version:
4.3.88
CPE:
cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*
ntp
Version:
4.3.15
CPE:
cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*
ntp
Version:
4.0.93
CPE:
cpe:2.3:a:ntp:ntp:4.0.93:*:*:*:*:*:*:*
ntp
Version:
4.0.91
CPE:
cpe:2.3:a:ntp:ntp:4.0.91:*:*:*:*:*:*:*
ntp
Version:
4.3.76
CPE:
cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*
ntp
Version:
4.3.77
CPE:
cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*
ntp
Version:
4.3.62
CPE:
cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*
ntp
Version:
4.3.38
CPE:
cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*
ntp
Version:
4.3.57
CPE:
cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*
ntp
Version:
4.3.7
CPE:
cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*
ntp
Version:
4.2.5
CPE:
cpe:2.3:a:ntp:ntp:4.2.5:p241_rc1:*:*:*:*:*:*
ntp
Version:
4.3.40
CPE:
cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*
ntp
Version:
4.3.73
CPE:
cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*
ntp
Version:
4.0.99
CPE:
cpe:2.3:a:ntp:ntp:4.0.99:*:*:*:*:*:*:*
ntp
Version:
4.3.46
CPE:
cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*
ntp
Version:
4.3.61
CPE:
cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*
ntp
Version:
4.3.4
CPE:
cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*
ntp
Version:
4.3.72
CPE:
cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*
ntp
Version:
4.3.8
CPE:
cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*
ntp
Version:
4.0.90
CPE:
cpe:2.3:a:ntp:ntp:4.0.90:*:*:*:*:*:*:*
ntp
Version:
4.3.52
CPE:
cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*
ntp
Version:
4.2.2
CPE:
cpe:2.3:a:ntp:ntp:4.2.2:p2:*:*:*:*:*:*
ntp
Version:
4.3.17
CPE:
cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*
ntp
Version:
4.3.66
CPE:
cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*
ntp
Version:
4.3.64
CPE:
cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*
ntp
Version:
4.3.24
CPE:
cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*
ntp
Version:
4.3.3
CPE:
cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*
ntp
Version:
4.0.92
CPE:
cpe:2.3:a:ntp:ntp:4.0.92:*:*:*:*:*:*:*
ntp
Version:
4.0
CPE:
cpe:2.3:a:ntp:ntp:4.0:*:*:*:*:*:*:*
ntp
Version:
4.3.48
CPE:
cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*
ntp
Version:
4.0.95
CPE:
cpe:2.3:a:ntp:ntp:4.0.95:*:*:*:*:*:*:*
ntp
Version:
4.3.85
CPE:
cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*
ntp
Version:
4.0.94
CPE:
cpe:2.3:a:ntp:ntp:4.0.94:*:*:*:*:*:*:*
ntp
Version:
4.3.84
CPE:
cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*
ntp
Version:
4.3.89
CPE:
cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*
ntp
Version:
4.3.0
CPE:
cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*
ntp
Version:
4.3.27
CPE:
cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*
ntp
Version:
4.3.19
CPE:
cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*
ntp
Version:
4.3.45
CPE:
cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*
ntp
Version:
4.3.67
CPE:
cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*
ntp
Version:
4.3.16
CPE:
cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*
ntp
Version:
4.3.80
CPE:
cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*
ntp
Version:
4.3.2
CPE:
cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*
ntp
Version:
4.3.79
CPE:
cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*
ntp
Version:
4.2.4
CPE:
cpe:2.3:a:ntp:ntp:4.2.4:p0:*:*:*:*:*:*
ntp
Version:
4.3.18
CPE:
cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*
ntp
Version:
4.2.7
CPE:
cpe:2.3:a:ntp:ntp:4.2.7:-:*:*:*:*:*:*
ntp
Version:
4.3.51
CPE:
cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*
ntp
Version:
4.3.56
CPE:
cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*
ntp
Version:
4.3.34
CPE:
cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*
ntp
Version:
4.3.69
CPE:
cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*
ntp
Version:
4.3.28
CPE:
cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*
ntp
Version:
4.3.59
CPE:
cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*
ntp
Version:
4.3.71
CPE:
cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*
ntp
Version:
4.3.10
CPE:
cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*
ntp
Version:
4.3.20
CPE:
cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*
ntp
Version:
4.3.81
CPE:
cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*
ntp
Version:
4.3.74
CPE:
cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*
ntp
Version:
4.3.83
CPE:
cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*
ntp
Version:
4.3.65
CPE:
cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*
ntp
Version:
4.3.14
CPE:
cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*
ntp
Version:
4.3.43
CPE:
cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*
ntp
Version:
4.3.49
CPE:
cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*
ntp
Version:
4.3.12
CPE:
cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*
ntp
Version:
4.3.50
CPE:
cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*
ntp
Version:
4.3.1
CPE:
cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*
ntp
Version:
4.3.82
CPE:
cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*
ntp
Version:
4.3.13
CPE:
cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*
ntp
Version:
4.3.9
CPE:
cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*
ntp
Version:
4.1.0
CPE:
cpe:2.3:a:ntp:ntp:4.1.0:*:*:*:*:*:*:*
ntp
Version:
4.3.5
CPE:
cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*
ntp
Version:
4.3.86
CPE:
cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*
ntp
Version:
4.2.0
CPE:
cpe:2.3:a:ntp:ntp:4.2.0:*:*:*:*:*:*:*
ntp
Version:
4.3.41
CPE:
cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*
ntp
Version:
4.0.96
CPE:
cpe:2.3:a:ntp:ntp:4.0.96:*:*:*:*:*:*:*
ntp
Version:
4.3.30
CPE:
cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*
ntp
Version:
4.3.36
CPE:
cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*
ntp
Version:
4.3.11
CPE:
cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*
ntp
Version:
4.3.87
CPE:
cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*
ntp
Version:
4.3.55
CPE:
cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*
ntp
Version:
4.3.21
CPE:
cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*
ntp
Version:
4.3.33
CPE:
cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*
ntp
Version:
4.3.53
CPE:
cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*
ntp
Version:
4.3.31
CPE:
cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*
ntp
Version:
4.3.23
CPE:
cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*
ntp
Version:
4.3.68
CPE:
cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*
ntp
Version:
4.3.39
CPE:
cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*
ntp
Version:
4.3.29
CPE:
cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*
ntp
Version:
4.3.63
CPE:
cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*
ntp
Version:
4.3.42
CPE:
cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*
ntp
Version:
4.3.54
CPE:
cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*
ntp
Version:
4.3.25
CPE:
cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*
opensuse
Version:
13.2
CPE:
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
leap
Version:
42.1
CPE:
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
manager
Version:
2.1
CPE:
cpe:2.3:o:suse:manager:2.1:*:*:*:*:*:*:*
linux_enterprise_debuginfo
Version:
11
CPE:
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp1:*:*:*:*:*:*
linux_enterprise_server
Version:
10
CPE:
cpe:2.3:o:suse:linux_enterprise_server:10:-:*:*:*:*:*:*
suse_linux_enterprise_server
Version:
12
CPE:
cpe:2.3:o:suse:suse_linux_enterprise_server:12:sp2:*:*:*:*:raspberry_pi:*
manager_proxy
Version:
2.1
CPE:
cpe:2.3:o:suse:manager_proxy:2.1:*:*:*:*:*:*:*
linux_enterprise_server
Version:
12
CPE:
cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:-:*:*:*
linux_enterprise_server
Version:
11
CPE:
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:-:*:*:*
linux_enterprise_desktop
Version:
12
CPE:
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp4:*:*:*:*:*:*
This vulnerability affects 123 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.htmlcve@mitre.org Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.htmlcve@mitre.org Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.htmlcve@mitre.org Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.htmlcve@mitre.org Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.htmlcve@mitre.org Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlcve@mitre.org Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlcve@mitre.org Third Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.htmlcve@mitre.org Third Party Advisory
-
http://support.ntp.org/bin/view/Main/NtpBug2938cve@mitre.org Vendor Advisory
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpdcve@mitre.org Third Party Advisory
-
http://www.securitytracker.com/id/1034782cve@mitre.org Third Party Advisory VDB Entry
-
http://www.ubuntu.com/usn/USN-3096-1cve@mitre.org Third Party Advisory
-
https://bto.bluecoat.com/security-advisory/sa113cve@mitre.org Third Party Advisory
-
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asccve@mitre.org
-
https://security.gentoo.org/glsa/201607-15cve@mitre.org Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20171031-0001/cve@mitre.org
-
https://www.kb.cert.org/vuls/id/718152cve@mitre.org Third Party Advisory US Government Resource
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.htmlaf854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.htmlaf854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.htmlaf854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.htmlaf854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.htmlaf854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlaf854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlaf854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.htmlaf854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
http://support.ntp.org/bin/view/Main/NtpBug2938af854a3a-2127-422b-91ae-364da2661108 Vendor Advisory
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpdaf854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
http://www.securitytracker.com/id/1034782af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory VDB Entry
-
http://www.ubuntu.com/usn/USN-3096-1af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://bto.bluecoat.com/security-advisory/sa113af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.ascaf854a3a-2127-422b-91ae-364da2661108
-
https://security.gentoo.org/glsa/201607-15af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20171031-0001/af854a3a-2127-422b-91ae-364da2661108
-
https://www.kb.cert.org/vuls/id/718152af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory US Government Resource
Severity Details
out of 10.0
Low
Key Information
- Published Date
- January 30, 2017
