
Test ID: 1.3.6.1.4.1.25623.1.0.811253
Category: General
Title: NTP.org 'ntpd' ':config' Command Arbitrary File Overwrite Vulnerability
Summary: NTP.org's reference implementation of the NTP server, ntpd, is prone to an arbitrary file-overwrite vulnerability.
Description:

Vulnerability Insight:
The flaw exists due to improper access
restrictions for the 'pidfile' or 'driftfile' directives in NTP.

Vulnerability Impact:
Successful exploitation will allow remote attackers to send remote
configuration requests. If the attacker knows the remote configuration
password, the attacker can use the 'pidfile' or 'driftfile' directives
to potentially overwrite other files.

Affected Software/OS:
NTPd version 4.x prior to 4.2.8p4 and 4.3.0 prior to
4.3.77.

Solution:
Update to version 4.2.8p4, 4.3.77 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2015-7703
BugTraq ID: 77278
http://www.securityfocus.com/bid/77278
Debian Security Information: DSA-3388
http://www.debian.org/security/2015/dsa-3388
https://security.gentoo.org/glsa/201607-15
RedHat Security Advisories: RHSA-2016:0780
http://rhn.redhat.com/errata/RHSA-2016-0780.html
RedHat Security Advisories: RHSA-2016:2583
http://rhn.redhat.com/errata/RHSA-2016-2583.html
http://www.securitytracker.com/id/1033951

Copyright: Copyright (C) 2017 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.