Home > Vulnerability Database > CVE-2015-7976

Mend Vulnerability Database

New vulnerability? Tell us about it!

CVE-2015-7976

Good to know:

Date: January 30, 2017

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.

Severity Score

4.3

Related Resources (5)

Url: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html

Url: https://access.redhat.com/security/cve/CVE-2015-7976

Url: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-7976

Url: https://www.mend.io/vulnerability-database/CVE-2015-7976

Severity Score

4.3

Weakness Type (CWE)

Security Features

CWE-254

Top Fix

Upgrade Version

CVSS v3

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us