AIX NTP v3 Advisory : ntp_advisory7.asc (IV87614) (IV87419) (IV87615) (IV87420) (IV87939)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote AIX host has a version of NTP installed that is affected
by multiple vulnerabilities.

Description :

The version of NTP installed on the remote AIX host is affected by
the following vulnerabilities :

- A time serving flaw exists in the trusted key system
due to improper key checks. An authenticated, remote
attacker can exploit this to perform impersonation
attacks between authenticated peers. (CVE-2015-7974)

- An information disclosure vulnerability exists in the
message authentication functionality in libntp that is
triggered during the handling of a series of specially
crafted messages. An adjacent attacker can exploit this
to partially recover the message digest key.
(CVE-2016-1550)

- A flaw exists due to improper filtering of IPv4 'bogon'
packets received from a network. An unauthenticated,
remote attacker can exploit this to spoof packets to
appear to come from a specific reference clock.
(CVE-2016-1551)

- A denial of service vulnerability exists that allows an
authenticated, remote attacker to manipulate the value
of the trustedkey, controlkey, or requestkey via a
crafted packet, preventing authentication with ntpd
until the daemon has been restarted. (CVE-2016-2517)

- An out-of-bounds read error exists in the MATCH_ASSOC()
function that occurs during the creation of peer
associations with hmode greater than 7. An
authenticated, remote attacker can exploit this, via a
specially crafted packet, to cause a denial of service.
(CVE-2016-2518)

- An overflow condition exists in the ctl_getitem()
function in ntpd due to improper validation of
user-supplied input when reporting return values. An
authenticated, remote attacker can exploit this to cause
ntpd to abort. (CVE-2016-2519)

See also :

http://aix.software.ibm.com/aix/efixes/security/ntp_advisory7.asc

Solution :

A fix is available and can be downloaded from the IBM AIX website.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: AIX Local Security Checks

Nessus Plugin ID: 102128

Bugtraq ID: 81960, 88189, 88204, 88219, 88226, 88261

CVE ID: CVE-2015-7974, CVE-2016-1550, CVE-2016-1551, CVE-2016-2517, CVE-2016-2518, CVE-2016-2519
