Login or Register to Ask a Question and Join Our Community


AIX

NTP Information Disclosure Vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems AIX NTP Information Disclosure Vulnerability
# 1  
Old 07-02-2012
NTP Information Disclosure Vulnerability
Hi All,

How to reslove above Vulnerability,currently we have AIX6.1 OS running,would you please share with me step-by-step procedure

Thanks in advance

Thanks
Murali Muppa
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT HPUX

ntpdate

ntpdate(1M)															       ntpdate(1M)

NAME

       ntpdate - set the date and time via NTP

SYNOPSIS

       [ ] [ key# ] [ authdelay ] [ keyfile ]
	      [ version ] [ samples ] [ timeout ] server[ ... ]

DESCRIPTION

       sets  the local date and time by polling those Network Time Protocol (NTP) server(s) given as the server arguments to determine the correct
       time.  It must be run as root on the local host. A number of samples are obtained from each of the servers specified and a  subset  of  the
       NTP clock filter and selection algorithms are applied to select the best of these. Note that the accuracy and reliability of depends on the
       number of servers, the number of polls each time it is run, and the interval between the runs.

       can be run manually as necessary to set the host clock, or it can be run from the host startup script to set the clock at boot  time.  This
       is useful in some cases to set the clock initially before starting the NTP daemon

       It  is  also possible to run from a cron script. However, it is important to note that with contrived cron scripts is no substitute for the
       NTP daemon, which uses sophisticated algorithms to maximize accuracy and reliability while minimizing resource use. Finally, since does not
       discipline the host clock frequency as does the accuracy using is limited.

       Time adjustments are made by in one of two ways. If determines the clock is in error more than 0.5 seconds, it will simply step the time by
       calling the (see clocks(2)) system routine. If the error is less than 0.5 seconds, it will slew the time by calling  the  (see  adjtime(2))
       system routine. The latter technique is less disruptive and more accurate when the error is small, and works quite well when is run by (see
       cron(1M)) every hour or two.

       will decline to set the date if an NTP server daemon (e.g., is running on the same host. When running on a regular basis from as an  alter-
       native to running a daemon, doing so once every hour or two will result in precise enough timekeeping to avoid stepping the clock.

   Command Line Options
       supports the following options:

       Enable the authentication function and specify the key identifier to be
		      used  for authentication. The keys and key identifiers must match in both the client and server key files. The default is to
		      disable the authentication function.

       Force the time to always be slewed using the
		      system call, even if the measured offset is greater than The default is to step the time using the system call if the offset
		      is  greater than Note that, if the offset is much greater than it can take a long time (hours) to slew the clock to the cor-
		      rect value. During this time the host should not be used to synchronize clients.

       Force the time to be stepped using the
		      system call, rather than slewed (default) using the system call. This option should be used when called from a startup  file
		      at boot time.

       Enable the debugging mode, in which
		      will  go	through  all  the  steps,  but	not adjust the local clock.  Information useful for general debugging will also be
		      printed.

       Specify the processing delay to perform an authentication function as
		      the value authdelay, in seconds and fraction (see xntpd(1M) for details). This number is usually small enough to be negligi-
		      ble for most purposes, though specifying a value may improve timekeeping on very slow CPU's.

       Specify the path for the authentication key file as the string
		      keyfile.	The default is This file should be in the format described in

       Specify the NTP version for outgoing packets as the integer version,
		      which can be 1 or 2.  The default is 3. This allows to be used with older NTP versions.

       Specify the number of samples to be acquired from each server as the
		      integer samples, with values from 1 to 8 inclusive. The default is 4.

       Prints the offset measurement, stratum of the server(s) and delay
		      measurement without adjusting the local clock. This is similar to option which gives a more detailed debugging information.

       Divert logging output from the standard output (default) to the system
		      (see syslog(3C)) facility. This is designed primarily for convenience of scripts.

       Specify the maximum waiting time for a server response as the value
		      timeout,	in seconds and fraction. The value is rounded to a multiple of 0.2 seconds. The default is 1 second, a value suit-
		      able for polling across a LAN.

       Direct	      to use an unprivileged port for outgoing packets. This is most useful when behind a firewall, that blocks  incoming  traffic
		      to  privileged  ports, and you want to synchronise with hosts beyond the firewall. Note that the option always uses unprivi-
		      leged ports.

       Prints the     version number and the offset measurement information.

AUTHOR

       was developed by Dennis Ferguson at the University of Toronto.

FILES

       Contains the encryption keys used by

SEE ALSO

       adjtime(2), clocks(2), cron(1M), syslog(3C), ntpq(1M), xntpd(1M), xntpdc(1M).

       DARPA Internet Request For Comments RFC1035 Assigned Numbers.

																       ntpdate(1M)