Note:
This project will be discontinued after December 13, 2021. [more]
2020-01-28
Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.
| Products | Ntp |
| Type | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) |
| First patch | - None (likely due to unavailable code) |
| Links |
• http://support.ntp.org/bin/view/Main/NtpBug2918
• http://support.ntp.org/bin/view/Main/SecurityNotice • http://www.talosintel.com/reports/TALOS-2015-0062/ |