IBM Security Bulletin: Vulnerabilities in NTP affect AIX CVE-2015-7973 CVE-2015-7977 CVE-2015-7979 CVE-2015-8158 | CVE-2015-8139 CVE-2015-8140

There are multiple vulnerabilities in NTP that impact AIX.

CVE(s): CVE-2015-7977, CVE-2015-7973, CVE-2015-7979, CVE-2015-8139, CVE-2015-8140, CVE-2015-8158

Affected product(s) and affected version(s):

   AIX 5.3, 6.1, 7.1, 7.2
        VIOS 2.2.x

        The following fileset levels are vulnerable:
        
        key_fileset = aix
        
        For NTPv3:

        Fileset             Lower Level  Upper Level KEY
        -----------------------------------------------------
        bos.net.tcp.client  5.3.12.0     5.3.12.10   key_w_fs
        bos.net.tcp.client  6.1.9.0      6.1.9.102   key_w_fs
        bos.net.tcp.client  7.1.3.0      7.1.3.47    key_w_fs
        bos.net.tcp.client  7.1.4.0      7.1.4.1     key_w_fs
        bos.net.tcp.ntp     7.2.0.0      7.2.0.2     key_w_fs
        bos.net.tcp.ntpd    7.2.0.0      7.2.0.2     key_w_fs


        For NTPv4:

        Fileset             Lower Level  Upper Level KEY 
        -----------------------------------------------------
        ntp.rte             6.1.6.0      6.1.6.5     key_w_fs
        ntp.rte             7.1.0.0      7.1.0.5     key_w_fs
        
        Note:  to find out whether the affected filesets are installed 
        on your systems, refer to the lslpp command found in AIX user's guide.

        Example:  lslpp -L | grep -i ntp.rte 

Refer to the following reference URLs for remediation and additional vulnerability details:

Source Bulletin: http://ift.tt/1Q1mBt3

X-Force Database: http://ift.tt/1Q1mu0F
http://ift.tt/1Q1mFcj
http://ift.tt/1Q1ol5w
http://ift.tt/1Q1n3HJ
http://ift.tt/1Q1nEcF
http://ift.tt/1Q1n3rm

from IBM Product Security Incident Response Team http://ift.tt/28L6hen