High severity7.5NVD Advisory· Published Jul 24, 2017· Updated May 13, 2026

CVE-2015-7703

Description

The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

rhn.redhat.com/errata/RHSA-2016-0780.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2016-2583.htmlnvdThird Party Advisory
support.ntp.org/bin/view/Main/NtpBug2902nvdVendor Advisory
www.debian.org/security/2015/dsa-3388nvdThird Party Advisory
www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlnvdThird Party Advisory
www.securityfocus.com/bid/77278nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1033951nvdThird Party AdvisoryVDB Entry
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party AdvisoryVDB Entry
security.gentoo.org/glsa/201607-15nvdThird Party Advisory
security.netapp.com/advisory/ntap-20171004-0001/nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.006
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000