AIX 6.1 TL 9 : ntp (IV83984) (deprecated)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

This plugin has been deprecated.

Description :

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973 NTP could
allow a remote attacker to launch a replay attack. An attacker could
exploit this vulnerability using authenticated broadcast mode packets
to conduct a replay attack and gain unauthorized access to the system.
NTP is vulnerable to a denial of service, caused by a NULL pointer
dereference. By sending a specially crafted ntpdc reslist command, an
attacker could exploit this vulnerability to cause a segmentation
fault. NTP could allow a remote attacker to bypass security
restrictions. By sending specially crafted broadcast packets with bad
authentication, an attacker could exploit this vulnerability to cause
the target broadcast client to tear down the association with the
broadcast server. NTP could allow a remote attacker to obtain
sensitive information, caused by an origin leak in ntpq and ntpdc. An
attacker could exploit this vulnerability to obtain sensitive
information. NTP could allow a remote attacker to launch a replay
attack. An attacker could exploit this vulnerability using ntpq to
conduct a replay attack and gain unauthorized access to the system.
NTP is vulnerable to a denial of service, caused by the improper
processing of incoming packets by ntpq. By sending specially crafted
data, an attacker could exploit this vulnerability to cause the
application to enter into an infinite loop.

This plugin has been deprecated due to manual logic changes and
advisory issues. Use aix_ntp_v3_advisory6.nasl (plugin ID 92356)
instead.

See also :

http://aix.software.ibm.com/aix/efixes/security/ntp_advisory6.asc

Solution :

n/a

Risk factor :

High

Family: AIX Local Security Checks

Nessus Plugin ID: 91516 ()

Bugtraq ID:

CVE ID: CVE-2015-7973
CVE-2015-7977
CVE-2015-7979
CVE-2015-8139
CVE-2015-8140
CVE-2015-8158

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now