{"id":"CVE-2015-7851","details":"Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.","modified":"2026-01-27T04:15:09.502796Z","published":"2020-01-28T17:15:12Z","withdrawn":"2026-01-27T04:15:09.502796Z","related":["SUSE-SU-2015:2058-1","SUSE-SU-2016:1247-1","SUSE-SU-2016:1311-1","openSUSE-SU-2024:10181-1"],"references":[{"type":"ADVISORY","url":"http://support.ntp.org/bin/view/Main/NtpBug2918"},{"type":"ADVISORY","url":"http://support.ntp.org/bin/view/Main/SecurityNotice"},{"type":"EVIDENCE","url":"http://www.talosintel.com/reports/TALOS-2015-0062/"}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}