Oval Definition:oval:org.mitre.oval:def:28660
Revision Date:2015-05-18Version:21
Title:Potential security vulnerabilities have been identified with HP-UX running NTP. Thesecould be exploited remotely to execute code, create a Denial of Service (DoS), or othervulnerabilities.
Description:Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2014-9295
Platform(s):HP-UX 11
Product(s):
Definition Synopsis
  • Criteria meets HP Security Bulletin HPSBUX03240
  • HP-UX B.11.31
  • AND filesets tests
  • NTP.INETSVCS2-BOOT version is less than C.4.2.6.5.0
  • OR NTP.NTP-AUX version is less than C.4.2.6.5.0
  • OR NTP.NTP-RUN version is less than C.4.2.6.5.0
  • OR Criteria meets HP Security Bulletin HPSBUX03240
  • HP-UX B.11.23
  • AND InternetSrvcs.INETSVCS2-BOOT is installed
  • AND NOT Patch PHNE_44236 is installed
  • OR Criteria meets HP Security Bulletin HPSBUX03240
  • HP-UX B.11.11
  • AND InternetSrvcs.INETSVCS-BOOT is installed
  • AND NOT Patch PHNE_44235 is installed
    • BACK