IBM Support

IV68430: NTP3/NTP4 SECURITY CVE-2014-9293 2014-9294 2014-9295 2014-9296 APPLIES TO AIX 7100-03

A fix is available

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014
    -9293
    
    Vulnerability Summary for CVE-2014-9293
    Original release date: 12/19/2014
    Last revised: 12/22/2014
    Overview
    
    The config_auth function in ntpd in NTP before 4.2.7p11,
    when an auth key
    is not configured, improperly generates a key, which
    makes it easier for
    remote attackers to defeat cryptographic protection
    mechanisms via
    a brute-force attack.
    
    Vulnerable software and versions: ntp:4.2.7p11 and
    previous version
    ---------------------------------------------------------
    ---------------
    https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014
    -9294
    
    Vulnerability Summary for CVE-2014-9294
    Original release date: 12/19/2014
    Last revised: 12/22/2014
    Overview
    
    util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230
    uses a weak
    RNG seed, which makes it easier for remote attackers to
    defeat
    cryptographic protection mechanisms via a brute-force
    attack.
    
    Vulnerable software and versions: ntp:4.2.7p230 and
    previous version
    ---------------------------------------------------------
    --------------
    https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014
    -9295
    
    Vulnerability Summary for CVE-2014-9295
    Original release date: 12/19/2014
    Last revised: 12/22/2014
    Overview
    
    Multiple stack-based buffer overflows in ntpd in NTP
    before 4.2.8 allow
    remote attackers to execute arbitrary code via a crafted
    packet, related
    to (1) the crypto_recv function when the Autokey
    Authentication feature
    is used, (2) the ctl_putdata function, and (3) the
    configure function.
    
    
    Vulnerable software and versions: ntp:4.2.7 and previous
    version
    
    ---------------------------------------------------------
    ---------------
    https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014
    -9296
    
    Vulnerability Summary for CVE-2014-9296
    Original release date: 12/19/2014
    Last revised: 12/22/2014
    Overview
    
    The receive function in ntp_proto.c in ntpd in NTP before
    4.2.8 continues
    to execute after detecting a certain authentication
    error, which might
    allow remote attackers to trigger an unintended
    association change via
    crafted packets.
    
    Vulnerable software and versions: ntp:4.2.7 and previous
    version
    

Local fix

Problem summary

  • The buffer overflow vulnerabilities in ntpd may bring down the
    ntpd process.
    The weak default key may allow an attacker to gain
    information regarding the integrity checking and authentication
    encryption schemes. More specifically, the weak default key
    allows access to private mode and control mode queries that
    require authentication, if not restricted by the configuration.
    

Problem conclusion

  • Patches issues by NTP community  incorporated where aplicable
    

Temporary fix

Comments

  • 6100-08 - use AIX APAR IV68426
    6100-09 - use AIX APAR IV68428
    6100-09 - use AIX APAR IV68428
    7100-02 - use AIX APAR IV68429
    7100-03 - use AIX APAR IV68430
    

APAR Information

  • APAR number

    IV68430

  • Reported component name

    AIX V7.1

  • Reported component ID

    5765H4000

  • Reported release

    710

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Submitted date

    2015-01-09

  • Closed date

    2015-01-28

  • Last modified date

    2015-09-30

  • APAR is sysrouted FROM one or more of the following:

    IV68426

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    AIX V7.1

  • Fixed component ID

    5765H4000

Applicable component levels

  • R710 PSY U865834

       UP15/05/19 I 1000

PTF to Fileset Mapping



Document information

More support for: AIX Enterprise Edition

Software version: 710

Operating system(s): AIX

Reference #: IV68430

Modified date: 30 September 2015