CVE-2015-7976

Priority
Description
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3,
4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters,
which allows attackers to cause unspecified impact via a crafted filename.
Notes
mdeslaurunfixed in debian and fedora
Package
Source: ntp (LP Ubuntu Debian)
Upstream:released (4.2.8p6)
Ubuntu 16.04 ESM:released (1:4.2.8p4+dfsg-3ubuntu5.3)
Ubuntu 14.04 ESM:released (1:4.2.6.p5+dfsg-3ubuntu2.14.04.10)
Ubuntu 20.04 FIPS Compliant:not-affected (1:4.2.8p4+dfsg-3ubuntu6)
Patches:
Upstream:https://github.com/ntp-project/ntp/commit/7fe04606062ed674db3b9553d32dedad29504d61
Upstream:https://github.com/ntp-project/ntp/commit/3680c2e4d5f88905ce062c7b43305d610a2c9796
More Information

Updated: 2022-04-13 12:06:48 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)