AIX NTP v3 Advisory : ntp_advisory7.asc (IV87614) (IV87419) (IV87615) (IV87420) (IV87939)

Medium Nessus Plugin ID 102128

Synopsis

The remote AIX host has a version of NTP installed that is affected by multiple vulnerabilities.

Description

The version of NTP installed on the remote AIX host is affected by the following vulnerabilities:

- A time serving flaw exists in the trusted key system due to improper key checks. An authenticated, remote attacker can exploit this to perform impersonation attacks between authenticated peers. (CVE-2015-7974)

- An information disclosure vulnerability exists in the message authentication functionality in libntp that is triggered during the handling of a series of specially crafted messages. An adjacent attacker can exploit this to partially recover the message digest key. (CVE-2016-1550)

- A flaw exists due to improper filtering of IPv4 'bogon' packets received from a network. An unauthenticated, remote attacker can exploit this to spoof packets to appear to come from a specific reference clock. (CVE-2016-1551)

- A denial of service vulnerability exists that allows an authenticated, remote attacker to manipulate the value of the trustedkey, controlkey, or requestkey via a crafted packet, preventing authentication with ntpd until the daemon has been restarted. (CVE-2016-2517)

- An out-of-bounds read error exists in the MATCH_ASSOC() function that occurs during the creation of peer associations with hmode greater than 7. An authenticated, remote attacker can exploit this, via a specially crafted packet, to cause a denial of service. (CVE-2016-2518)

- An overflow condition exists in the ctl_getitem() function in ntpd due to improper validation of user-supplied input when reporting return values. An authenticated, remote attacker can exploit this to cause ntpd to abort. (CVE-2016-2519)

Solution

A fix is available and can be downloaded from the IBM AIX website.

See Also

http://aix.software.ibm.com/aix/efixes/security/ntp_advisory7.asc

Plugin Details

Severity: Medium

ID: 102128

File Name: aix_ntp_v3_advisory7.nasl

Version: 3.8

Type: local

Published: 2017/08/03

Updated: 2018/07/17

Dependencies: 12634

Risk Information

Risk Factor: Medium

VPR Score: 4.4

CVSS v2.0

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:ibm:aix, cpe:/a:ntp:ntp

Required KB Items: Host/AIX/lslpp, Host/local_checks_enabled, Host/AIX/version

Patch Publication Date: 2016/09/06

Vulnerability Publication Date: 2015/12/12

Reference Information

CVE: CVE-2015-7974, CVE-2016-1550, CVE-2016-1551, CVE-2016-2517, CVE-2016-2518, CVE-2016-2519

BID: 81960, 88189, 88204, 88219, 88226, 88261

CERT: 718152