Home > Vulnerability Database > CVE-2015-7976

Mend.io Vulnerability Database

CVE-2015-7976

Date: January 30, 2017

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.

Severity Score

4.3

Related Resources (21)

Url: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html

Url: https://access.redhat.com/security/cve/CVE-2015-7976

Url: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html

Url: http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html

Url: https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc

Url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd

Url: http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html

Url: http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2015-7976

Url: https://security.netapp.com/advisory/ntap-20171031-0001/

Url: http://www.securitytracker.com/id/1034782

Url: http://support.ntp.org/bin/view/Main/NtpBug2938

Url: http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html

Url: https://security.gentoo.org/glsa/201607-15

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-7976

Url: http://www.ubuntu.com/usn/USN-3096-1

Url: http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html

Url: https://www.kb.cert.org/vuls/id/718152

Url: http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html

Url: https://bto.bluecoat.com/security-advisory/sa113

Url: https://www.mend.io/vulnerability-database/CVE-2015-7976

Severity Score

4.3

Weakness Type (CWE)

Security Features

CWE-254

CVSS v3

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-7976

Date: January 30, 2017

Severity Score

Related Resources (21)

Severity Score

Weakness Type (CWE)

CVSS v3

CVSS v2

Do you need more information?