AIX NTP v4 Advisory : ntp_advisory8.asc (IV92126) (IV92287)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote AIX host has a version of NTP installed that is affected
by multiple vulnerabilities.

Description :

The version of NTP installed on the remote AIX host is affected by
the following vulnerabilities :

- A denial of service vulnerability exists in the
  broadcast mode replay prevention functionality. An
  unauthenticated, adjacent attacker can exploit this, via
  specially crafted broadcast mode NTP packets
  periodically injected into the broadcast domain, to
  cause ntpd to reject broadcast mode packets from
  legitimate NTP broadcast servers. (CVE-2016-7427)

- A denial of service vulnerability exists in the
  broadcast mode poll interval functionality. An
  unauthenticated, adjacent attacker can exploit this, via
  specially crafted broadcast mode NTP packets, to cause
  ntpd to reject packets from a legitimate NTP broadcast
  server. (CVE-2016-7428)

- A flaw exists in the control mode (mode 6) functionality
  when handling specially crafted control mode packets. An
  unauthenticated, adjacent attacker can exploit this to
  set or disable ntpd traps, resulting in the disclosure
  of potentially sensitive information, disabling of
  legitimate monitoring, or DDoS amplification.
  (CVE-2016-9310)

- A NULL pointer dereference flaw exists in the
  report_event() function within file ntpd/ntp_control.c
  when the trap service handles certain peer events. An
  unauthenticated, remote attacker can exploit this, via
  a specially crafted packet, to cause a denial of service
  condition. (CVE-2016-9311)

See also :

http://aix.software.ibm.com/aix/efixes/security/ntp_advisory8.asc

Solution :

A fix is available and can be downloaded from the IBM AIX website.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.9
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: AIX Local Security Checks

Nessus Plugin ID: 99184

Bugtraq ID: 94444, 94446, 94447, 94452

CVE ID: CVE-2016-7427, CVE-2016-7428, CVE-2016-9310, CVE-2016-9311
