AIX 6.1 TL 9 : ntp (IV91803) (deprecated)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

This plugin has been deprecated.

Description :

NTPv3 and NTPv4 are vulnerable to :

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7427 NTP is
vulnerable to a denial of service, caused by an error in broadcast
mode replay prevention functionality. By sending specially crafted NTP
packets, a local attacker could exploit this vulnerability to cause a
denial of service. NTP is vulnerable to a denial of service, caused by
an error in broadcast mode poll interval enforcement functionality. By
sending specially crafted NTP packets, a remote attacker from within
the local network could exploit this vulnerability to cause a denial
of service. NTP is vulnerable to a denial of service, caused by an
error in the control mode (mode 6) functionality. By sending specially
crafted control mode packets, a remote attacker could exploit this
vulnerability to obtain sensitive information and cause the
application to crash. NTP is vulnerable to a denial of service, caused
by a NULL pointer dereference when trap service has been enabled. By
sending specially crafted packets, a remote attacker could exploit
this vulnerability to cause the application to crash.

This plugin has been deprecated to better accommodate iFix
supersedence with replacement plugin aix_ntp_v3_advisory8.nasl (plugin
id 102129).

See also :

http://aix.software.ibm.com/aix/efixes/security/ntp_advisory8.asc

Solution :

n/a

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)

Family: AIX Local Security Checks

Nessus Plugin ID: 97131 ()

Bugtraq ID:

CVE ID: CVE-2016-7427
CVE-2016-7428
CVE-2016-9310
CVE-2016-9311

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now