IBM Support

IV68430: NTP3/NTP4 SECURITY CVE-2014-9293 2014-9294 2014-9295 2014-9296 APPLIES TO AIX 7100-03

A fix is available


APAR status

  • Closed as program error.

Error description

  • https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9293

    Vulnerability Summary for CVE-2014-9293
    Original release date: 12/19/2014
    Last revised: 12/22/2014
    Overview

    The config_auth function in ntpd in NTP before 4.2.7p11, when an
    auth key is not configured, improperly generates a key, which makes
    it easier for remote attackers to defeat cryptographic protection
    mechanisms via a brute-force attack.

    Vulnerable software and versions: ntp:4.2.7p11 and previous version
    ------------------------------------------------------------------------
    https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9294

    Vulnerability Summary for CVE-2014-9294
    Original release date: 12/19/2014
    Last revised: 12/22/2014
    Overview

    util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak
    RNG seed, which makes it easier for remote attackers to defeat
    cryptographic protection mechanisms via a brute-force attack.

    Vulnerable software and versions: ntp:4.2.7p230 and previous version
    ------------------------------------------------------------------------
    https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9295

    Vulnerability Summary for CVE-2014-9295
    Original release date: 12/19/2014
    Last revised: 12/22/2014
    Overview

    Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8
    allow remote attackers to execute arbitrary code via a crafted
    packet, related to (1) the crypto_recv function when the Autokey
    Authentication feature is used, (2) the ctl_putdata function, and
    (3) the configure function.

    Vulnerable software and versions: ntp:4.2.7 and previous version
    ------------------------------------------------------------------------
    https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9296

    Vulnerability Summary for CVE-2014-9296
    Original release date: 12/19/2014
    Last revised: 12/22/2014
    Overview

    The receive function in ntp_proto.c in ntpd in NTP before 4.2.8
    continues to execute after detecting a certain authentication error,
    which might allow remote attackers to trigger an unintended
    association change via crafted packets.

    Vulnerable software and versions: ntp:4.2.7 and previous version
    

Local fix

Problem summary

  • The buffer overflow vulnerabilities in ntpd may bring down the
    ntpd process.
    The weak default key may allow an attacker to gain
    information regarding the integrity checking and authentication
    encryption schemes. More specifically, the weak default key
    allows access to private mode and control mode queries that
    require authentication, if not restricted by the configuration.
    

Problem conclusion

  • Patches issued by the NTP community were incorporated where applicable.
    

Temporary fix

Comments

  • 6100-08 - use AIX APAR IV68426
    6100-09 - use AIX APAR IV68428
    7100-02 - use AIX APAR IV68429
    7100-03 - use AIX APAR IV68430
    

APAR Information

  • APAR number

    IV68430

  • Reported component name

    AIX V7.1

  • Reported component ID

    5765H4000

  • Reported release

    710

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Submitted date

    2015-01-09

  • Closed date

    2015-01-28

  • Last modified date

    2015-09-30

  • APAR is sysrouted FROM one or more of the following:

    IV68426

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    AIX V7.1

  • Fixed component ID

    5765H4000

Applicable component levels

  • R710 PSY U865834

       UP15/05/19 I 1000

PTF to Fileset Mapping


Document Information

Modified date:
30 September 2015