NTP Multiple Arbitrary File Overwrite Vulnerability (CVE-2015-5196)

NTP Multiple Arbitrary File Overwrite Vulnerability (CVE-2015-5196)
NTP Multiple Arbitrary File Overwrite Vulnerability (CVE-2015-5196)

Release date:
Updated on:

Affected Systems:

NTP 4.x

Description:

Bugtraq id: 76476
CVE (CAN) ID: CVE-2015-5196

Network Time Protocol (NTP) is a Protocol used to synchronize computer Time. It can synchronize computers with their servers or clock sources (such as quartzels and GPS.

NTP: The config command can set the pidfile and driftfile paths without restrictions. Remote attackers can exploit this vulnerability to overwrite files in the document system.

<* Source: Miroslav Lichvar
*>

Suggestion:

Vendor patch:

NTP
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Https://bodhi.fedoraproject.org/updates/FEDORA-2015-14211
Https://bodhi.fedoraproject.org/updates/FEDORA-2015-14212
Https://bodhi.fedoraproject.org/updates/FEDORA-2015-14213

CentOS NTP server installation and configuration

NTP servers in Linux

NTP client configurations for multiple operating systems

Build an enterprise-level NTP Time Server

Set up an ntp time synchronization server in Linux

Enable NTP time server in CentOS 6.3

This article permanently updates the link address: