Bug 1300268 - (CVE-2015-7976) CVE-2015-7976 ntp: 'ntpq saveconfig' command allows dangerous characters in filenames
CVE-2015-7976 ntp: 'ntpq saveconfig' command allows dangerous characters in f...
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 1300277
Blocks: 1297474
  Show dependency treegraph
Reported: 2016-01-20 06:42 EST by Martin Prpič
Modified: 2016-02-12 09:55 EST (History)
2 users (show)

See Also:
Fixed In Version: ntp 4.2.8p6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-01-20 09:34:52 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Martin Prpič 2016-01-20 06:42:08 EST
The ntpq saveconfig command does not do adequate filtering of special characters from the supplied filename. Note: the ability to use the saveconfig command is controlled by the 'restrict nomodify' directive, and the recommended default configuration is to disable this capability. If the ability to execute a 'saveconfig' is required, it can easily (and should) be limited and restricted to a known small number of IP addresses.

Upstream patches:

Comment 2 Martin Prpič 2016-01-20 07:01:52 EST
Created ntp tracking bugs for this issue:

Affects: fedora-all [bug 1300277]
Comment 3 Martin Prpič 2016-01-20 09:34:52 EST

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Comment 4 Martin Prpič 2016-02-01 03:50:30 EST

Use the 'restrict default nomodify' directive in ntp.conf to disable modification of ntp.conf via the ntpq command.

Note You need to log in before you can comment on or make changes to this bug.