NTP: Pidfile Driftfile Arbitrary File Overwrite
This signature detects attempts to exploit a known vulnerability in Network Time Protocol daemon (NTPD). Successful exploitation could lead to data corruption or denial-of-service on the target system.
Extended Description
The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.
Affected Products
Netapp oncommand_performance_manager
Short Name
NTP:PIDFILE-DRIFTFILE-OVERWRITE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
NTP
Keywords
Arbitrary CVE-2015-7703 Driftfile File Overwrite Pidfile
Release Date
02/01/2016
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Unknown
Vendors
Oracle
Ntp
Netapp
Debian
Redhat
CVSS Score
4.3