A fix is available
APAR status
Closed as program error.
Error description
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014 -9293 Vulnerability Summary for CVE-2014-9293 Original release date: 12/19/2014 Last revised: 12/22/2014 Overview The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. Vulnerable software and versions: ntp:4.2.7p11 and previous version --------------------------------------------------------- --------------- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014 -9294 Vulnerability Summary for CVE-2014-9294 Original release date: 12/19/2014 Last revised: 12/22/2014 Overview util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. Vulnerable software and versions: ntp:4.2.7p230 and previous version --------------------------------------------------------- -------------- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014 -9295 Vulnerability Summary for CVE-2014-9295 Original release date: 12/19/2014 Last revised: 12/22/2014 Overview Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function. Vulnerable software and versions: ntp:4.2.7 and previous version --------------------------------------------------------- --------------- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014 -9296 Vulnerability Summary for CVE-2014-9296 Original release date: 12/19/2014 Last revised: 12/22/2014 Overview The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets. Vulnerable software and versions: ntp:4.2.7 and previous version
Local fix
Problem summary
The buffer overflow vulnerabilities in ntpd may bring down the ntpd process. The weak default key may allow an attacker to gain information regarding the integrity checking and authentication encryption schemes. More specifically, the weak default key allows access to private mode and control mode queries that require authentication, if not restricted by the configuration.
Problem conclusion
Patches issues by NTP community incorporated where aplicable
Temporary fix
Comments
6100-08 - use AIX APAR IV68426 6100-09 - use AIX APAR IV68428 6100-09 - use AIX APAR IV68428 7100-02 - use AIX APAR IV68429 7100-03 - use AIX APAR IV68430
APAR Information
APAR number
IV68430
Reported component name
AIX V7.1
Reported component ID
5765H4000
Reported release
710
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Submitted date
2015-01-09
Closed date
2015-01-28
Last modified date
2015-09-30
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
AIX V7.1
Fixed component ID
5765H4000
Applicable component levels
R710 PSY U865834
UP15/05/19 I 1000
PTF to Fileset Mapping
U865834 bos.net.tcp.client 7.1.3.45
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSMV87","label":"AIX 6.1 Enterprise Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"710","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSMVAX","label":"AIX Express Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"710","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG11R","label":"AIX 7.1 HIPERS, APARs and Fixes"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"710","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
30 September 2015