Oval Definition:oval:org.cisecurity:def:408
Revision Date:2016-03-11Version:11
Title:A vulnerability in NTPv3 affects AIX.
Description:The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2015-1799
Platform(s):IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis
  • platforms
  • IBM AIX 6.1 is installed
  • OR IBM AIX 7.1 is installed
  • AND filesets
  • File Version Exists
  • bos.net.tcp.client greater than or equal 6.1.0.0
  • AND bos.net.tcp.client less than or equal 6.1.8.20
  • AND NOT Interim fix IV74263s6a.150714 (vuid: 00F850C34C00071402074615) is installed
  • OR File Version Exists
  • bos.net.tcp.client greater than or equal 6.1.0.0
  • AND bos.net.tcp.client less than or equal 6.1.9.45
  • AND NOT Interim fix IV73783s5a.150714 (vuid: 00F850C34C00071403070615) is installed
  • OR File Version Exists
  • bos.net.tcp.client greater than or equal 7.1.0.0
  • AND bos.net.tcp.client less than or equal 7.1.2.20
  • AND NOT Interim fix IV74262s6a.150714 (vuid: 00F850C34C00071403071515) is installed
  • OR File Version Exists
  • bos.net.tcp.client greater than or equal 7.1.0.0
  • AND bos.net.tcp.client less than or equal 7.1.3.45
  • AND NOT Interim fix IV74261s5a.150714 (vuid: 00F850C34C00071403072315) is installed
    • BACK