UBUNTU-CVE-2016-0727

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2016-0727

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-0727.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-0727

Related

Published

2016-01-22T00:00:00Z

Modified

2016-01-22T00:00:00Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrary files and consequently gain privileges via vectors involving statistics directory cleanup.

References

Affected packages

Ubuntu:14.04:LTS / ntp

Package

Name: ntp
Purl: pkg:deb/ubuntu/ntp?arch=src?distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:4.2.6.p5+dfsg-3ubuntu2.14.04.10

Affected versions

1:4.*

1:4.2.6.p5+dfsg-3ubuntu2

1:4.2.6.p5+dfsg-3ubuntu2.14.04.1

1:4.2.6.p5+dfsg-3ubuntu2.14.04.2

1:4.2.6.p5+dfsg-3ubuntu2.14.04.3

1:4.2.6.p5+dfsg-3ubuntu2.14.04.5

1:4.2.6.p5+dfsg-3ubuntu2.14.04.6

1:4.2.6.p5+dfsg-3ubuntu2.14.04.7

1:4.2.6.p5+dfsg-3ubuntu2.14.04.8

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "1:4.2.6.p5+dfsg-3ubuntu2.14.04.10",
            "binary_name": "ntp"
        },
        {
            "binary_version": "1:4.2.6.p5+dfsg-3ubuntu2.14.04.10",
            "binary_name": "ntp-dbgsym"
        },
        {
            "binary_version": "1:4.2.6.p5+dfsg-3ubuntu2.14.04.10",
            "binary_name": "ntp-doc"
        },
        {
            "binary_version": "1:4.2.6.p5+dfsg-3ubuntu2.14.04.10",
            "binary_name": "ntpdate"
        },
        {
            "binary_version": "1:4.2.6.p5+dfsg-3ubuntu2.14.04.10",
            "binary_name": "ntpdate-dbgsym"
        }
    ]
}

Ubuntu:16.04:LTS / ntp

Package

Name: ntp
Purl: pkg:deb/ubuntu/ntp?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:4.2.8p4+dfsg-3ubuntu5.3

Affected versions

1:4.*

1:4.2.6.p5+dfsg-3ubuntu8

1:4.2.6.p5+dfsg-3ubuntu8.1

1:4.2.6.p5+dfsg-3ubuntu9

1:4.2.8p4+dfsg-3ubuntu1

1:4.2.8p4+dfsg-3ubuntu2

1:4.2.8p4+dfsg-3ubuntu3

1:4.2.8p4+dfsg-3ubuntu4

1:4.2.8p4+dfsg-3ubuntu5

1:4.2.8p4+dfsg-3ubuntu5.1

1:4.2.8p4+dfsg-3ubuntu5.2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "1:4.2.8p4+dfsg-3ubuntu5.3",
            "binary_name": "ntp"
        },
        {
            "binary_version": "1:4.2.8p4+dfsg-3ubuntu5.3",
            "binary_name": "ntp-dbgsym"
        },
        {
            "binary_version": "1:4.2.8p4+dfsg-3ubuntu5.3",
            "binary_name": "ntp-doc"
        },
        {
            "binary_version": "1:4.2.8p4+dfsg-3ubuntu5.3",
            "binary_name": "ntpdate"
        },
        {
            "binary_version": "1:4.2.8p4+dfsg-3ubuntu5.3",
            "binary_name": "ntpdate-dbgsym"
        }
    ]
}