Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the sntp program. By sending specially crafted NTP packets, a remote attacker from within the local network could exploit this vulnerability to cause the application to enter into an infinite loop. Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. Network Time Protocol (NTP) could allow a remote attacker to obtain sensitive information, caused by a memory leak in CRYPTO_ASSOC. An attacker could exploit this vulnerability to obtain sensitive information. Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in ntp_crypto.c. An attacker could exploit this vulnerability using a packet containing an extension field with an invalid value for the length of its value field to cause ntpd to crash. Network Time Protocol (NTP) is vulnerable to a denial of service, caused by an error in the remote configuration functionality. By sending a specially crafted configuration file, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop. Network Time Protocol (NTP) is vulnerable to a buffer overflow, caused by improper bounds checking by the refclock of ntpd. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Network Time Protocol (NTP) is vulnerable to a denial of service, caused by ASSERT botch instead of returning FAIL on some invalid values by the decodenetnum() function. An attacker could exploit this vulnerability to cause a denial of service.

This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_ntp_v3_advisory4.nasl (plugin id 102321).


# (C) Tenable Network Security, Inc.
# The text in the description was extracted from AIX Security
# Advisory ntp_advisory4.asc.
# Disabled on 2017/07/20. Deprecated by aix_ntp_v3_advisory8.nasl.


if (description)
  script_cvs_date("Date: 2018/07/20  0:18:51");

  script_cve_id("CVE-2015-5219", "CVE-2015-7691", "CVE-2015-7692", "CVE-2015-7701", "CVE-2015-7702", "CVE-2015-7850", "CVE-2015-7853", "CVE-2015-7855");
  script_xref(name:"TRA", value:"TRA-2015-04");

  script_name(english:"AIX 7.2 TL 0 : ntp (IV79945) (deprecated)");
  script_summary(english:"Check for APAR IV79945");

    value:"This plugin has been deprecated."
This plugin has been deprecated to better accommodate iFix
supersedence with replacement plugin aix_ntp_v3_advisory4.nasl (plugin
id 102321)."

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:7.2");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/01/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/22");

  script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
  script_family(english:"AIX Local Security Checks");

  script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");


exit(0, "This plugin has been deprecated. Use aix_ntp_v3_advisory4.nasl (plugin ID 102321) instead.");


if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);

if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") );

flag = 0;

if (aix_check_ifix(release:"7.2", ml:"00", sp:"01", patch:"IV79945s1a", package:"", minfilesetver:"", maxfilesetver:"") < 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"00", sp:"01", patch:"IV79945s1a", package:"", minfilesetver:"", maxfilesetver:"") < 0) flag++;

if (flag)
  if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());
  else security_warning(0);
else audit(AUDIT_HOST_NOT, "affected");