Detections
Analytics

AIX NTP v3 Advisory : ntp_advisory7.asc (IV87614) (IV87419) (IV87615) (IV87420) (IV87939)

high Nessus Plugin ID 102128

Language:

Synopsis

The remote AIX host has a version of NTP installed that is affected by multiple vulnerabilities.

Description

The version of NTP installed on the remote AIX host is affected by the following vulnerabilities :

 - A time serving flaw exists in the trusted key system due to improper key checks. An authenticated, remote attacker can exploit this to perform impersonation attacks between authenticated peers. (CVE-2015-7974)

 - An information disclosure vulnerability exists in the message authentication functionality in libntp that is triggered during the handling of a series of specially crafted messages. An adjacent attacker can exploit this to partially recover the message digest key.
 (CVE-2016-1550)

 - A flaw exists due to improper filtering of IPv4 'bogon' packets received from a network. An unauthenticated, remote attacker can exploit this to spoof packets to appear to come from a specific reference clock.
 (CVE-2016-1551)

 - A denial of service vulnerability exists that allows an authenticated, remote attacker to manipulate the value of the trustedkey, controlkey, or requestkey via a crafted packet, preventing authentication with ntpd until the daemon has been restarted. (CVE-2016-2517)

 - An out-of-bounds read error exists in the MATCH_ASSOC() function that occurs during the creation of peer associations with hmode greater than 7. An authenticated, remote attacker can exploit this, via a specially crafted packet, to cause a denial of service.
 (CVE-2016-2518)

 - An overflow condition exists in the ctl_getitem() function in ntpd due to improper validation of user-supplied input when reporting return values. An authenticated, remote attacker can exploit this to cause ntpd to abort. (CVE-2016-2519)

Solution

A fix is available and can be downloaded from the IBM AIX website.

See Also

https://aix.software.ibm.com/aix/efixes/security/ntp_advisory7.asc

Plugin Details

Severity: High

ID: 102128

File Name: aix_ntp_v3_advisory7.nasl

Version: 3.11

Type: local

Published: 8/3/2017

Updated: 12/4/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2016-1550

CVSS v3

Risk Factor: High

Base Score: 7.7

Temporal Score: 6.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2015-7974

Vulnerability Information

CPE: cpe:/a:ntp:ntp, cpe:/o:ibm:aix

Required KB Items: Host/local_checks_enabled, Host/AIX/version, Host/AIX/lslpp

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/6/2016

Vulnerability Publication Date: 12/12/2015

Reference Information

CVE: CVE-2015-7974, CVE-2016-1550, CVE-2016-1551, CVE-2016-2517, CVE-2016-2518, CVE-2016-2519

BID: 81960, 88189, 88204, 88219, 88226, 88261

CERT: 718152