AIX NTP v4 Advisory : ntp_advisory6.asc (IV83983) (IV83992)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote AIX host has a version of NTP installed that is affected
by multiple vulnerabilities.

Description :

The version of NTP installed on the remote AIX host is affected by
the following vulnerabilities :

- A flaw exists in the receive() function due to the use
of authenticated broadcast mode. A man-in-the-middle
attacker can exploit this to conduct a replay attack.
(CVE-2015-7973)

- A NULL pointer dereference flaw exists in ntp_request.c
that is triggered when handling ntpdc reslist commands.
A remote attacker can exploit this, via a specially
crafted request, to crash the service, resulting in a
denial of service condition. (CVE-2015-7977)

- An unspecified flaw exists in authenticated broadcast
mode. A remote attacker can exploit this, via specially
crafted packets, to cause a denial of service condition.
(CVE-2015-7979)

- A flaw exists in ntpq and ntpdc that allows a remote
attacker to disclose sensitive information in
timestamps. (CVE-2015-8139)

- A flaw exists in the ntpq protocol that is triggered
during the handling of an improper sequence of numbers.
A man-in-the-middle attacker can exploit this to conduct
a replay attack. (CVE-2015-8140)

- A flaw exists in the ntpq client that is triggered when
handling packets that cause a loop in the getresponse()
function. A remote attacker can exploit this to cause an
infinite loop, resulting in a denial of service
condition. (CVE-2015-8158)

See also :

http://aix.software.ibm.com/aix/efixes/security/ntp_advisory6.asc

Solution :

A fix is available and can be downloaded from the IBM AIX website.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.8
(CVSS2#E:U/RL:U/RC:C)
Public Exploit Available : false

Family: AIX Local Security Checks

Nessus Plugin ID: 92357

Bugtraq ID: 81814
81815
81816
81963
82102
82105

CVE ID: CVE-2015-7973
CVE-2015-7977
CVE-2015-7979
CVE-2015-8139
CVE-2015-8140
CVE-2015-8158
