CVE-2015-7976

Priority
Description
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3,
4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters,
which allows attackers to cause unspecified impact via a crafted filename.
Notes
mdeslaurunfixed in debian and fedora
Package
Source: ntp (LP Ubuntu Debian)
Upstream:released (4.2.8p6)
Ubuntu 12.04 ESM (Precise Pangolin):released (1:4.2.6.p3+dfsg-1ubuntu3.11)
Ubuntu 14.04 ESM (Trusty Tahr):released (1:4.2.6.p5+dfsg-3ubuntu2.14.04.10)
Ubuntu 16.04 LTS (Xenial Xerus):released (1:4.2.8p4+dfsg-3ubuntu5.3)
Patches:
Upstream:https://github.com/ntp-project/ntp/commit/7fe04606062ed674db3b9553d32dedad29504d61
Upstream:https://github.com/ntp-project/ntp/commit/3680c2e4d5f88905ce062c7b43305d610a2c9796
More Information

Updated: 2020-01-29 19:53:18 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)