Privilege escalation vulnerability in ntp crontab script

Privilege escalation vulnerability in ntp crontab script

CVE-2016-0727 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrary files and consequently gain privileges via vectors involving statistics directory cleanup.

Learn more about our Cis Benchmark Audit For Ubuntu Linux.