NTP BUG 2938: ntpq saveconfig command allows dangerous characters in filenames

Last update: June 28, 2022 20:06 UTC (57417e17c)


Resolved 4.2.8p6 19 Jan 2016
References Bug 2938 AV:N/AC:L/Au:S/C:N/I:P/A:N


The ntpq saveconfig command does not do adequate filtering of special characters from the supplied filename. Note well: The ability to use the saveconfig command is controlled by the restrict nomodify directive, and the recommended default configuration is to disable this capability. If the ability to execute a saveconfig is required, it can easily (and should) be limited and restricted to a known small number of IP addresses.



This weakness was discovered by Jonathan Gardner of Cisco ASIG.