AIX 7.1 TL 0 : ntp4 (IV71096)
Medium Nessus Plugin ID 84493
SynopsisThe remote AIX host is missing a security patch.
Descriptionhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9297 Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to conduct spoofing attacks, caused by insufficient entropy in PRNG. An attacker could exploit this vulnerability to spoof the IPv6 address ::1 to bypass ACLs and launch further attacks on the system. Network Time Protocol (NTP) Project NTP daemon (ntpd) is vulnerable to a denial of service, caused by an error when using symmetric key authentication. By sending specially-crafted packets to both peering hosts, an attacker could exploit this vulnerability to prevent synchronization.
SolutionInstall the appropriate interim fix.