IBM General Parallel File System OpenSSL Security Bypass (Windows)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

A clustered file system on the remote host is affected by a security
vulnerability.

Description :

The version of IBM General Parallel File System (GPFS) installed on
the remote host is 3.5.0.11 or later but prior to 3.5.0.18. It is,
therefore, affected by an unspecified error that could allow an
attacker to force the use of weak keying material, making
man-in-the-middle attacks easier.

See also :

http://www-01.ibm.com/support/docview.wss?uid=isg3T1020948
http://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224
https://www.openssl.org/news/secadv/20140605.txt

Solution :

Upgrade to GPFS 3.5.0.18 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 76428

Bugtraq ID: 67899

CVE ID: CVE-2014-0224
