Bug 1382369 (CVE-2016-0727)

Summary: CVE-2016-0727 ntp: Privilege escalation via cronjob
Product: [Other] Security Response Reporter: Adam Mariš <amaris>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: dkholia, mlichvar, sardella
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-10-07 07:31:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1382370    
Bug Blocks: 1382371    

Description Adam Mariš 2016-10-06 13:34:48 UTC 
Multiple bugs in cronjob script bundled with ntp package were found allowing malicious ntp user to make the backup process to overwrite arbitrary files with content controlled by the attacker, thus gaining root privileges.

External References:

http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/
Comment 1 Adam Mariš 2016-10-06 13:35:11 UTC 
Created ntp tracking bugs for this issue:

Affects: fedora-all [bug 1382370]
Comment 4 Dhiru Kholia 2016-10-07 07:31:17 UTC 
Statement:

This issue did not affect the versions of ntp as shipped with Red Hat Enterprise Linux 5, 6, or 7.