AIX NTP v4 Advisory : ntp_advisory6.asc (IV83983) (IV83992)
Medium Nessus Plugin ID 92357
Synopsis
The remote AIX host has a version of NTP installed that is affected by multiple vulnerabilities.
Description
The version of NTP installed on the remote AIX host is affected by the following vulnerabilities:
- A flaw exists in the receive() function due to the use of authenticated broadcast mode. A man-in-the-middle attacker can exploit this to conduct a replay attack. (CVE-2015-7973)
- A NULL pointer dereference flaw exists in ntp_request.c that is triggered when handling ntpdc reslist commands. A remote attacker can exploit this, via a specially crafted request, to crash the service, resulting in a denial of service condition. (CVE-2015-7977)
- An unspecified flaw exists in authenticated broadcast mode. A remote attacker can exploit this, via specially crafted packets, to cause a denial of service condition. (CVE-2015-7979)
- A flaw exists in ntpq and ntpdc that allows a remote attacker to disclose sensitive information in timestamps. (CVE-2015-8139)
- A flaw exists in the ntpq protocol that is triggered during the handling of an improper sequence of numbers. A man-in-the-middle attacker can exploit this to conduct a replay attack. (CVE-2015-8140)
- A flaw exists in the ntpq client that is triggered when handling packets that cause a loop in the getresponse() function. A remote attacker can exploit this to cause an infinite loop, resulting in a denial of service condition. (CVE-2015-8158)
Solution
A fix is available and can be downloaded from the IBM AIX website.