CVE-2015-7976

Priority
Description
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3,
4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters,
which allows attackers to cause unspecified impact via a crafted filename.
Notes
mdeslaurunfixed in debian and fedora
Package
Source: ntp (LP Ubuntu Debian)
Upstream:released (4.2.8p6)
Ubuntu 14.04 ESM (Trusty Tahr):released (1:4.2.6.p5+dfsg-3ubuntu2.14.04.10)
Ubuntu 16.06 ESM (Xenial Xerus):released (1:4.2.8p4+dfsg-3ubuntu5.3)
Patches:
Upstream:https://github.com/ntp-project/ntp/commit/7fe04606062ed674db3b9553d32dedad29504d61
Upstream:https://github.com/ntp-project/ntp/commit/3680c2e4d5f88905ce062c7b43305d610a2c9796
More Information

Updated: 2021-06-05 04:36:55 UTC (commit 9f1442d151c4b1764735c64061fe3a60c369dce8)