NTP Configuration Directive File Overwrite Vulnerability (CVE-2015-7703)
Publish Date: 09 novembre 2016
Gravità: : Critico
Descrizione
An arbitrary file overwrite vulnerability exists in the Network Time Protocol daemon (NTPD). The vulnerability is due to NTPD allowing remote clients to change the pidfile and driftfile configuration options to any arbitrary file, allowing any file on the target system to be overwritten. A remote, authenticated attacker can exploit this vulnerability by sending a crafted NTP request to the vulnerable service. Successful exploitation can cause the NTP process to write the drift value or the pid value to an arbitrary file. This can lead to data corruption or denial-of-service on the target system.
Informazioni esposizione:
Apply associated Trend Micro DPI Rules.
Soluzioni
Trend Micro Deep Security DPI Rule Number: 1007383