AIX 6.1 TL 9 : ntp (IV83984) (deprecated)

High Nessus Plugin ID 91516

Synopsis

This plugin has been deprecated.

Description

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973 NTP could allow a remote attacker to launch a replay attack. An attacker could exploit this vulnerability using authenticated broadcast mode packets to conduct a replay attack and gain unauthorized access to the system.
NTP is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted ntpdc reslist command, an attacker could exploit this vulnerability to cause a segmentation fault. NTP could allow a remote attacker to bypass security restrictions. By sending specially crafted broadcast packets with bad authentication, an attacker could exploit this vulnerability to cause the target broadcast client to tear down the association with the broadcast server. NTP could allow a remote attacker to obtain sensitive information, caused by an origin leak in ntpq and ntpdc. An attacker could exploit this vulnerability to obtain sensitive information. NTP could allow a remote attacker to launch a replay attack. An attacker could exploit this vulnerability using ntpq to conduct a replay attack and gain unauthorized access to the system.
NTP is vulnerable to a denial of service, caused by the improper processing of incoming packets by ntpq. By sending specially crafted data, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop.

This plugin has been deprecated due to manual logic changes and advisory issues. Use aix_ntp_v3_advisory6.nasl (plugin ID 92356) instead.

Solution

n/a

See Also

http://aix.software.ibm.com/aix/efixes/security/ntp_advisory6.asc

Plugin Details

Severity: High

ID: 91516

File Name: aix_IV83984.nasl

Version: $Revision: 2.4 $

Type: local

Published: 2016/06/09

Modified: 2017/01/19

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: cpe:/o:ibm:aix:6.1

Required KB Items: Host/AIX/lslpp, Host/local_checks_enabled, Host/AIX/version

Patch Publication Date: 2016/06/08

Vulnerability Publication Date: 2016/06/08

Reference Information

CVE: CVE-2015-7973, CVE-2015-7977, CVE-2015-7979, CVE-2015-8139, CVE-2015-8140, CVE-2015-8158