Red Hat Bugzilla – Bug 1300268
CVE-2015-7976 ntp: 'ntpq saveconfig' command allows dangerous characters in filenames
Last modified: 2016-02-12 09:55:54 EST
The ntpq saveconfig command does not do adequate filtering of special characters from the supplied filename. Note: the ability to use the saveconfig command is controlled by the 'restrict nomodify' directive, and the recommended default configuration is to disable this capability. If the ability to execute a 'saveconfig' is required, it can easily (and should) be limited and restricted to a known small number of IP addresses.
Created ntp tracking bugs for this issue:
Affects: fedora-all [bug 1300277]
Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Use the 'restrict default nomodify' directive in ntp.conf to disable modification of ntp.conf via the ntpq command.