NTP BUG 2938: ntpq saveconfig command allows dangerous characters in filenames

Last update: February 15, 2022 20:59 UTC (43fbd379b)


Summary

Resolved 4.2.8p6 19 Jan 2016
References Bug 2938 AV:N/AC:L/Au:S/C:N/I:P/A:N

Description

The ntpq saveconfig command does not do adequate filtering of special characters from the supplied filename. Note well: The ability to use the saveconfig command is controlled by the restrict nomodify directive, and the recommended default configuration is to disable this capability. If the ability to execute a saveconfig is required, it can easily (and should) be limited and restricted to a known small number of IP addresses.


Mitigation


Credit

This weakness was discovered by Jonathan Gardner of Cisco ASIG.


Timeline