AIX NTP v4 Advisory : ntp_advisory9.asc (IV96311) (IV96312)
Medium Nessus Plugin ID 102131
SynopsisThe remote AIX host has a version of NTP installed that is affected by multiple vulnerabilities.
DescriptionThe version of NTP installed on the remote AIX host is affected by the following vulnerabilities :
- Multiple stack-based buffer overflow conditions exist in various wrappers around the ctl_putdata() function within file ntpd/ntp_control.c due to improper validation of certain input from the ntp.conf file.
An unauthenticated, remote attacker can exploit these, by convincing a user into deploying a specially crafted ntp.conf file, to cause a denial of service condition or possibly the execution of arbitrary code.
- A stack-based buffer overflow condition exists in the datum_pts_receive() function within file ntpd/refclock_datum.c when handling handling packets from the '/dev/datum' device due to improper validation of certain input. A local attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-6462)
- A denial of service vulnerability exists when handling configuration directives. An authenticated, remote attacker can exploit this, via a malformed 'mode' configuration directive, to crash the ntpd daemon.
SolutionA fix is available and can be downloaded from the IBM AIX website.