AIX NTP v3 Advisory : ntp_advisory6.asc (IV83984) (IV83993) (IV83994) (IV83995) (IV84269)

Medium Nessus Plugin ID 92356

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 4.2

Synopsis

The remote AIX host has a version of NTP installed that is affected by multiple vulnerabilities.

Description

The version of NTP installed on the remote AIX host is affected by the following vulnerabilities :

- A flaw exists in the receive() function due to the use of authenticated broadcast mode. A man-in-the-middle attacker can exploit this to conduct a replay attack.
(CVE-2015-7973)

- A NULL pointer dereference flaw exists in ntp_request.c that is triggered when handling ntpdc relist commands.
A remote attacker can exploit this, via a specially crafted request, to crash the service, resulting in a denial of service condition. (CVE-2015-7977)

- An unspecified flaw exists in authenticated broadcast mode. A remote attacker can exploit this, via specially crafted packets, to cause a denial of service condition.
(CVE-2015-7979)

- A flaw exists in ntpq and ntpdc that allows a remote attacker to disclose sensitive information in timestamps. (CVE-2015-8139)

- A flaw exists in the ntpq protocol that is triggered during the handling of an improper sequence of numbers.
A man-in-the-middle attacker can exploit this to conduct a replay attack. (CVE-2015-8140)

- A flaw exists in the ntpq client that is triggered when handling packets that cause a loop in the getresponse() function. A remote attacker can exploit this to cause an infinite loop, resulting in a denial of service condition. (CVE-2015-8158)

Solution

A fix is available and can be downloaded from the IBM AIX website.

See Also

http://aix.software.ibm.com/aix/efixes/security/ntp_advisory6.asc

Plugin Details

Severity: Medium

ID: 92356

File Name: aix_ntp_v3_advisory6.nasl

Version: 1.11

Type: local

Published: 2016/07/18

Updated: 2018/07/17

Dependencies: 12634

Risk Information

Risk Factor: Medium

VPR Score: 4.2

CVSS v2.0

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:ibm:aix, cpe:/a:ntp:ntp

Required KB Items: Host/AIX/lslpp, Host/local_checks_enabled, Host/AIX/version

Patch Publication Date: 2016/08/16

Vulnerability Publication Date: 2015/10/17

Reference Information

CVE: CVE-2015-7973, CVE-2015-7977, CVE-2015-7979, CVE-2015-8139, CVE-2015-8140, CVE-2015-8158

BID: 81814, 81815, 81816, 81963, 82102, 82105

CERT: 718152