[ntp:security] [Bug 2918] New: TALOS-CAN-0062: A potential path traversal vulnerability exists in the config file saving of ntpd on VMS. A specially crafted path could cause a path traversal potentially resulting in files being overwritten. saveconfig Directory Traversal Vulnerability

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Thu Oct 1 11:08:09 UTC 2015


http://bugs.ntp.org/show_bug.cgi?id=2918

             Bug #: 2918
           Summary: TALOS-CAN-0062: A potential path traversal
                    vulnerability exists in the config file saving of ntpd
                    on VMS. A specially crafted path could cause a path
                    traversal potentially resulting in files being
                    overwritten. saveconfig Directory Traversal
                    Vulnerability
           Product: ntp
           Version: 4.2.8
          Platform: Other
        OS/Version: OpenVMS
            Status: CONFIRMED
          Severity: normal
          Priority: P5
         Component: Security Bugs
        AssignedTo: stenn at ntp.org
        ReportedBy: stenn at ntp.org
                CC: security at ntp.org
    Classification: Unclassified


Harlan Stenn <stenn at ntp.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |blocking4.2.8+

A potential path traversal vulnerability exists in the config file saving of
ntpd on VMS. A specially crafted path could cause a path traversal potentially
resulting in files being overwritten. An attacker could provide a malicious
path to trigger this vulnerability.

-- 
Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the security mailing list