CVE-2015-7976 | Vulnerability Database | Aqua Security

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.

Affected Software

Name	Vendor	Start Version	End Version
Ntp	Ntp	4.1.2 (including)	4.1.2 (including)
Ntp	Ubuntu	precise	*
Ntp	Ubuntu	trusty	*
Ntp	Ubuntu	upstream	*
Ntp	Ubuntu	vivid	*
Ntp	Ubuntu	vivid/stable-phone-overlay	*
Ntp	Ubuntu	wily	*
Ntp	Ubuntu	xenial	*

References

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
http://support.ntp.org/bin/view/Main/NtpBug2938
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd
http://www.securitytracker.com/id/1034782
http://www.ubuntu.com/usn/USN-3096-1
https://bto.bluecoat.com/security-advisory/sa113
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
https://security.gentoo.org/glsa/201607-15
https://security.netapp.com/advisory/ntap-20171031-0001/
https://www.kb.cert.org/vuls/id/718152

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-7976
CWE	https://cwe.mitre.org/data/definitions/254.html