Network Time Protocol 'ntp_control.c' Directory Traversal Vulnerability



Network Time Protocol is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue using directory-traversal characters ('../') to overwrite arbitrary files and cause a denial-of-service condition.

Information

Bugtraq ID: 77282
Class: Input Validation Error
CVE: CVE-2015-7851

Remote: Yes
Local: No
Published: Oct 21 2015 12:00AM
Updated: May 10 2017 04:07PM
Credit: Yves Younan of Cisco Talos
Vulnerable: Slackware Slackware Linux 14.1
Slackware Linux x86_64 -current
Slackware Linux 14.1 x86_64
Slackware Linux 14.0 x86_64
Slackware Linux 14.0
Slackware Linux 13.37 x86_64
Slackware Linux 13.37
Slackware Linux 13.1 x86_64
Slackware Linux 13.1
Slackware Linux 13.0 x86_64
Slackware Linux 13.0
Slackware Linux -current
Rockwell Automation Stratix 5900 0
NTP NTPd 4.3
NTP NTP 4.3.25
NTP NTP 4.2.8
NTP NTP 4.2.6
NTP NTP 4.2.5 p74
NTP NTP 4.2.5 p153
NTP NTP 4.2.5 p150
NTP NTP 4.2.4 p8
NTP NTP 4.2.4 p7-RC2
NTP NTP 4.2.4 p7
NTP NTP 4.2.4 p6
NTP NTP 4.2.4 p5
NTP NTP 4.2.4 p4
NTP NTP 4.2.2 p4
NTP NTP 4.2.2 p1
NTP NTP 4.1.2
NTP NTP 4.3.70
NTP NTP 4.2.8p3-RC1
NTP NTP 4.2.8p3
NTP NTP 4.2.8p2
NTP NTP 4.2.7p366
NTP NTP 4.2.7p111
NTP NTP 4.2.7p11
NTP NTP 4.2.7
NTP NTP 4.2.5p3
NTP NTP 4.2.0.a
Juniper Junos OS 0
IBM QLogic Virtual Fabric Extension Module for IBM BladeCenter 9.0
IBM QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module 7.10
IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru 9.1.0.00
IBM DS8800 86.31.167.0 (R6.3)
IBM DS8800 0
IBM DS8700 87.51.14.X (R7.5)
IBM DS8700 87.41.17.X (R7.4)
IBM DS8700 76.31.143.0 (R6.3)
FreeBSD Freebsd 9.3-RELEASE-p9
FreeBSD FreeBSD 9.3-RELEASE-p6
FreeBSD FreeBSD 9.3-RELEASE-p5
FreeBSD FreeBSD 9.3-RELEASE-p3
FreeBSD Freebsd 9.3-RELEASE-p25
FreeBSD Freebsd 9.3-RELEASE-p24
FreeBSD Freebsd 9.3-RELEASE-p22
FreeBSD Freebsd 9.3-RELEASE-p21
FreeBSD FreeBSD 9.3-RELEASE-p2
FreeBSD Freebsd 9.3-RELEASE-p13
FreeBSD Freebsd 9.3-RELEASE-p10
FreeBSD FreeBSD 9.3-RELEASE-p1
FreeBSD FreeBSD 9.3-RC3-p1
FreeBSD FreeBSD 9.3-RC2-p1
FreeBSD FreeBSD 9.3-RC2
FreeBSD FreeBSD 9.3-RC1-p2
FreeBSD FreeBSD 9.3-RC
FreeBSD FreeBSD 9.3-PRERELEASE
FreeBSD FreeBSD 9.3-BETA3-p2
FreeBSD FreeBSD 9.3-BETA1-p2
FreeBSD FreeBSD 9.3-BETA1-p1
FreeBSD FreeBSD 9.3-BETA1
FreeBSD FreeBSD 9.3
FreeBSD Freebsd 10.2-RC2-p1
FreeBSD Freebsd 10.2-RC1-p2
FreeBSD Freebsd 10.2-RC1-p1
FreeBSD Freebsd 10.2-PRERELEASE
FreeBSD Freebsd 10.2-BETA2-p3
FreeBSD Freebsd 10.2-BETA2-p2
FreeBSD Freebsd 10.2
FreeBSD FreeBSD 10.1-STABLE
FreeBSD Freebsd 10.1-RELENG
FreeBSD Freebsd 10.1-RELEASE-p9
FreeBSD Freebsd 10.1-RELEASE-p6
FreeBSD Freebsd 10.1-RELEASE-p5
FreeBSD Freebsd 10.1-RELEASE-p19
FreeBSD Freebsd 10.1-RELEASE-p17
FreeBSD Freebsd 10.1-RELEASE-p16
FreeBSD FreeBSD 10.1-RELEASE-p1
FreeBSD Freebsd 10.1-RELEASE
FreeBSD FreeBSD 10.1-RC4-p1
FreeBSD FreeBSD 10.1-RC3-p1
FreeBSD FreeBSD 10.1-RC2-p3
FreeBSD FreeBSD 10.1-RC2-p1
FreeBSD FreeBSD 10.1-RC1-p1
FreeBSD FreeBSD 10.1-PRERELEASE
FreeBSD FreeBSD 10.1-BETA3-p1
FreeBSD FreeBSD 10.1-BETA1-p1
FreeBSD FreeBSD 10.1
Extremenetworks Summit WM3000 Series 0
Extremenetworks Purview Appliance 6.3
Extremenetworks Purview Appliance 6.0
Extremenetworks NetSight Appliance 6.3
Extremenetworks NetSight Appliance 6.0
Extremenetworks NAC Appliance 6.3
Extremenetworks NAC Appliance 6.0
Extremenetworks ExtremeXOS 16.1.2
Extremenetworks ExtremeXOS 15.7.4
Extremenetworks ExtremeXOS 15.7.3 Patch 8
Extremenetworks ExtremeXOS 15.7.3 Patch 1
Extremenetworks ExtremeXOS 15.7.2
Extremenetworks ExtremeXOS 15.7
Extremenetworks ExtremeXOS 15.6.4
Extremenetworks ExtremeXOS 16.1
Extremenetworks ExtremeXOS 15.4.1.3-patch1-10
Extremenetworks ExtremeXOS 15.4.1.0
Extremenetworks ExtremeXOS 15.3


Not Vulnerable: Rockwell Automation Stratix 5900 15.6.3
NTP NTP 4.3.77
NTP NTP 4.2.8p4
IBM QLogic Virtual Fabric Extension Module for IBM BladeCenter 9.0.3.14.0
IBM QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module 7.10.1.37.00
IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru 9.1.7.03.00
FreeBSD FreeBSD 9.3-STABLE
FreeBSD Freebsd 9.3-RELEASE-p29
FreeBSD Freebsd 10.2-STABLE
FreeBSD Freebsd 10.2-RELEASE-p6
FreeBSD Freebsd 10.1-RELEASE-p23
Extremenetworks Purview Appliance 6.4
Extremenetworks NetSight Appliance 6.4
Extremenetworks NAC Appliance 6.4
Extremenetworks ExtremeXOS 21.1
Extremenetworks ExtremeXOS 16.2


Exploit


An attacker can use readily available commands and tools to exploit this issue.


Related Posts