Vulnerability CVE-2015-7976


Published: 2017-01-30

Description:
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.

Practitioner's note: saveconfig is an ntpq command that sends a mode 6 (control) request asking ntpd to write its running configuration to a file whose name is supplied by the client, beneath the directory set by the saveconfigdir directive in ntp.conf. ntpd honours the request only when saveconfigdir is configured and the request is authenticated with the configured controlkey; that is why the CVSS vector below carries Au:S (single authentication), and an unauthenticated or unrestricted-but-unauthenticated client cannot trigger it. The defect is that the client-supplied filename is not restricted to a safe character set, so a name carrying shell metacharacters, whitespace or control bytes reaches the file-creation path unchanged. The fix shipped in ntp-4.2.8p6 (NTP bug 2938, January 2016). Where upgrading is not immediately possible, remove saveconfigdir from ntp.conf (ntpd then refuses the command), keep the control key secret, and restrict mode 6 access from untrusted networks (for example a restrict default line that includes noquery).
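To make the class of defect concrete, the following C program, added here as an illustration and not taken from ntpd or from the 4.2.8p6 fix, contrasts two filters for a client-supplied save filename. legacy_filename_ok() is a denylist of the kind CVE-2015-7976 shows to be insufficient (it blocks directory separators and ".." only); hardened_filename_ok() is an allowlist. The function names, the allowed character set and the 128-byte limit are assumptions chosen for the example, and the sample filenames are constructed.

```c
/*
 * Added example (not ntpd's own code): two filename filters for a
 * "save configuration to <filename>" request in the style of ntpq's
 * saveconfig.  legacy_filename_ok() mirrors a denylist approach that
 * blocks only obvious path traversal; hardened_filename_ok() uses an
 * allowlist.  Function names, the allowed character set and the
 * length limit are illustrative assumptions, not ntpd's code.
 */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_SAVECONFIG_NAME 128   /* assumed limit, not ntpd's value */

/* Denylist filter: rejects only separators and "..".  A name such as
 * "ntp.conf;id>pwned" or one containing a newline passes unchanged. */
int legacy_filename_ok(const char *name)
{
    if (name == NULL || *name == '\0')
        return 0;
    if (strchr(name, '/') != NULL || strchr(name, '\\') != NULL)
        return 0;
    if (strstr(name, "..") != NULL)
        return 0;
    return 1;
}

/* Allowlist filter: a name is accepted only if every byte is ASCII
 * alphanumeric or one of "-_.", it does not start with '.', it does
 * not contain "..", and it fits the length limit.  Shell
 * metacharacters, whitespace, control bytes and non-ASCII bytes are
 * all rejected simply because they are not in the allowed set. */
int hardened_filename_ok(const char *name)
{
    size_t len;
    size_t i;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len > MAX_SAVECONFIG_NAME)
        return 0;
    if (name[0] == '.')                 /* no hidden files, no "." or ".." */
        return 0;
    if (strstr(name, "..") != NULL)
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (isalnum(c) || c == '-' || c == '_' || c == '.')
            continue;
        return 0;                       /* anything else is rejected */
    }
    return 1;
}

int main(void)
{
    /* Constructed sample names: the first is benign, the rest crafted. */
    static const char *const samples[] = {
        "ntp.conf.2016-01-27",
        "ntp.conf;id>pwned",
        "ntp.conf\nrestrict default\n",
        "..%2F..%2Fetc%2Fpasswd",
        "$(reboot)",
        "normal name.cfg",
    };
    size_t n = sizeof(samples) / sizeof(samples[0]);
    size_t i;

    for (i = 0; i < n; i++)
        printf("legacy=%d hardened=%d  [%s]\n",
               legacy_filename_ok(samples[i]),
               hardened_filename_ok(samples[i]), samples[i]);
    return 0;
}
```

Every name that passes the legacy filter but fails the hardened one is a filename the denylist would have handed to the file-creation call intact. The advisory leaves the impact unspecified; an allowlist removes the question, because it never has to know which characters are dangerous in which downstream context (a shell script rotating backups, a log viewer, a later command line).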

Type: CWE-254 (Security Features)

Affected products (as recorded by NVD):

Vendor: Novell
  SUSE OpenStack Cloud 5
  openSUSE Leap 42.1
  openSUSE 13.2
Vendor: openSUSE
  openSUSE Leap 42.1
  openSUSE 13.2
Vendor: NTP
  NTP, versions listed below (the range given in the description, 4.2.x before 4.2.8p6 plus the 4.1.2 and 4.3 entries, is the authoritative statement of affected releases):
4.3.9
4.3.89
4.3.88
4.3.87
4.3.86
4.3.85
4.3.84
4.3.83
4.3.82
4.3.81
4.3.80
4.3.8
4.3.79
4.3.78
4.3.77
4.3.76
4.3.75
4.3.74
4.3.73
4.3.72
4.3.71
4.3.70
4.3.7
4.3.69
4.3.68
4.3.67
4.3.66
4.3.65
4.3.64
4.3.63
4.3.62
4.3.61
4.3.60
4.3.6
4.3.59
4.3.58
4.3.57
4.3.56
4.3.55
4.3.54
4.3.53
4.3.52
4.3.51
4.3.50
4.3.5
4.3.49
4.3.48
4.3.47
4.3.46
4.3.45
4.3.44
4.3.43
4.3.42
4.3.41
4.3.40
4.3.4
4.3.39
4.3.38
4.3.37
4.3.36
4.3.35
4.3.34
4.3.33
4.3.32
4.3.31
4.3.30
4.3.3
4.3.29
4.3.28
4.3.27
4.3.26
4.3.25
4.3.24
4.3.23
4.3.22
4.3.21
4.3.20
4.3.2
4.3.19
4.3.18
4.3.17
4.3.16
4.3.15
4.3.14
4.3.13
4.3.12
4.3.11
4.3.10
4.3.1
4.3.0
4.2.8
4.1.2
Vendor: SUSE
  SUSE Manager 2.1
  SUSE Manager Proxy 2.1
  SUSE Linux Enterprise Desktop 12

CVSS v2 vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N)

  CVSS base score           4.0 / 10
  Impact subscore           2.9 / 10
  Exploitability subscore   8.0 / 10

  Access vector (exploit range)   Network (remote)
  Access complexity               Low
  Authentication                  Single
  Confidentiality impact          None
  Integrity impact                Partial
  Availability impact             None

References:
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
http://support.ntp.org/bin/view/Main/NtpBug2938
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd
http://www.securitytracker.com/id/1034782
http://www.ubuntu.com/usn/USN-3096-1
https://bto.bluecoat.com/security-advisory/sa113
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
https://security.gentoo.org/glsa/201607-15
https://security.netapp.com/advisory/ntap-20171031-0001/
https://www.kb.cert.org/vuls/id/718152


Copyright 2019, cxsecurity.com

 
