AIX 7.1 TL 3 : ntp (IV74261)
Medium Nessus Plugin ID 85604
Synopsis
The remote AIX host is missing a security patch.
Description
The remote AIX host has a version of Network Time Protocol (NTP) installed that is affected by a denial of service vulnerability. A flaw in the symmetric-key feature in the receive() function in file ntp_proto.c causes state-variable updates to be performed when certain invalid packets are received. A man-in-the-middle attacker can exploit this, by spoofing the source IP of a peer, to cause a synchronization loss.
Solution
Install the appropriate interim fix according to the vendor advisory.