IBM AIX NTP Multiple Vulnerabilities (ntp_advisory7.asc)

漏洞类别:AIX

漏洞等级:

漏洞信息

There are multiple vulnerabilities in NTPv3 and NTPv4 that impact AIX.

Affected Platforms:
AIX 5.3, AIX 6.1, AIX 7.1, AIX 7.2
APAR versions:
IV87614, IV87419, IV87615, IV87420, IV87939, IV87278, IV87279

Note:The detection requires root privileges to run “emgr -c” to check for patches. In absence of such privileges, the detection may not output actual results.

漏洞危害

The most severe of the vulnerabilities could allow denial of service. By sending spoofed CRYPTO_NAK or a bad MAC packets with correct origin timestamps, a remote attacker could exploit this vulnerability to cause the autokey association to reset.

解决方案

The vendor has released fixes to resolve this vulnerability. Refer to AIX Advisory to obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ntp_advisory7.asc: AIX 5.3, AIX 6.1, AIX 7.1, AIX 7.2

0day

发表评论