AIX NTP v3 Advisory : ntp_advisory7.asc (IV87614) (IV87419) (IV87615) (IV87420) (IV87939)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

The remote AIX host has a version of NTP installed that is affected
by multiple vulnerabilities.

Description :

The version of NTP installed on the remote AIX host is affected by
the following vulnerabilities :

- A time serving flaw exists in the trusted key system
due to improper key checks. An authenticated, remote
attacker can exploit this to perform impersonation
attacks between authenticated peers. (CVE-2015-7974)

- An information disclosure vulnerability exists in the
message authentication functionality in libntp that is
triggered during the handling of a series of specially
crafted messages. An adjacent attacker can exploit this
to partially recover the message digest key.

- A flaw exists due to improper filtering of IPv4 'bogon'
packets received from a network. An unauthenticated,
remote attacker can exploit this to spoof packets to
appear to come from a specific reference clock.

- A denial of service vulnerability exists that allows an
authenticated, remote attacker to manipulate the value
of the trustedkey, controlkey, or requestkey via a
crafted packet, preventing authentication with ntpd
until the daemon has been restarted. (CVE-2016-2517)

- An out-of-bounds read error exists in the MATCH_ASSOC()
function that occurs during the creation of peer
associations with hmode greater than 7. An
authenticated, remote attacker can exploit this, via a
specially crafted packet, to cause a denial of service.

- An overflow condition exists in the ctl_getitem()
function in ntpd due to improper validation of
user-supplied input when reporting return values. An
authenticated, remote attacker can exploit this to cause
ntpd to abort. (CVE-2016-2519)

Solution :

A fix is available and can be downloaded from the IBM AIX website.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7
Public Exploit Available : false

Family: AIX Local Security Checks

Nessus Plugin ID: 102128

Bugtraq ID: 81960

CVE ID: CVE-2015-7974
