oval:org.mitre.oval:def:28660

Definition Id: oval:org.mitre.oval:def:28660

Oval ID:	oval:org.mitre.oval:def:28660
Title:	Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to execute code, create a Denial of Service (DoS), or other vulnerabilities.
Description:	Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-9295	Version:	7
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03240 HP-UX B.11.31 AND filesets tests NTP.INETSVCS2-BOOT version is less than C.4.2.6.5.0 AND NTP.NTP-AUX version is less than C.4.2.6.5.0 AND NTP.NTP-RUN version is less than C.4.2.6.5.0 OR Criteria meets HP Security Bulletin HPSBUX03240 HP-UX B.11.23 AND InternetSrvcs.INETSVCS2-BOOT is installed AND NOT Patch PHNE_44236 is installed OR Criteria meets HP Security Bulletin HPSBUX03240 HP-UX B.11.11 AND InternetSrvcs.INETSVCS-BOOT is installed AND NOT Patch PHNE_44235 is installed