Oval Definition:	oval:org.cisecurity:def:1504
Revision Date: 2017-01-06 Version: 8 Title: Vulnerabilities in NTP affect AIX Description: NTP could allow a local attacker to bypass security restrictions, caused by the failure to use a constant-time memory comparison function when validating the authentication digest on incoming packets. By sending a specially crafted packet with an authentication payload, an attacker could exploit this vulnerability to conduct a timing attack to compute the value of the valid authentication digest. Family: unix Class: vulnerability Status: ACCEPTED Reference(s): CVE-2016-1550 Platform(s): IBM AIX 6.1 IBM AIX 7.1 Product(s): Definition Synopsis platforms IBM AIX 6.1 is installed OR IBM AIX 7.1 is installed AND filesets File Version Exists bos.net.tcp.client greater than or equal 5.3.12.0 AND bos.net.tcp.client less than or equal 5.3.12.10 AND NOT Interim fix IV87614m9a.160901 (vuid: 00F850C34C00090106092816) is installed OR File Version Exists bos.net.tcp.client greater than or equal 6.1.9.0 AND bos.net.tcp.client less than or equal 6.1.9.102 AND NOT Interim fix IV87419m7a.160901 (vuid: 00F850C34C00090106091416) is installed OR File Version Exists bos.net.tcp.client greater than or equal 7.1.3.0 AND bos.net.tcp.client less than or equal 7.1.3.47 AND NOT Interim fix IV87615m7a.160901 (vuid: 00F850C34C00090106090416) is installed OR File Version Exists bos.net.tcp.client greater than or equal 7.1.4.0 AND bos.net.tcp.client less than or equal 7.1.4.1 AND NOT Interim fix IV87420m2a.160901 (vuid: 00F850C34C00090106092116) is installed OR File Version Exists ntp.rte greater than or equal 6.1.6.0 AND ntp.rte less than or equal 6.1.6.7 AND NOT Interim fix IV87278s7a.160901 (vuid: 00F850C34C00090107093916) is installed OR File Version Exists ntp.rte greater than or equal 7.1.0.0 AND ntp.rte less than or equal 7.1.0.7 AND NOT Interim fix IV87279s7a.160901 (vuid: 00F850C34C00090106095116) is installed
BACK