Description
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3,
4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters,
which allows attackers to cause unspecified impact via a crafted filename.
Notes
mdeslaur | unfixed in debian and fedora |
Package
Upstream: | released
(4.2.8p6)
|
Ubuntu 16.04 ESM: | released
(1:4.2.8p4+dfsg-3ubuntu5.3)
|
Ubuntu 14.04 ESM: | released
(1:4.2.6.p5+dfsg-3ubuntu2.14.04.10)
|
Ubuntu 20.04 FIPS Compliant: | not-affected
(1:4.2.8p4+dfsg-3ubuntu6)
|
Patches:
Updated: 2022-04-13 12:06:48 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)