AIX NAS Advisory : nas_advisory1.asc

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote AIX host has a version of NAS installed that is affected by
multiple vulnerabilities.

Description :

The version of the Network Authentication Service (NAS) installed on
the remote AIX host is affected by the following vulnerabilities
related to Kerberos 5 :

- An attacker can cause a denial of service (buffer
over-read and application crash) by injecting invalid
tokens into a GSSAPI application session.
(CVE-2014-4341)

- An attacker with the ability to spoof packets appearing
to be from a GSSAPI acceptor can cause a denial of
service or execute arbitrary code by using a double-free
condition in GSSAPI initiators (clients) which are using
the SPNEGO mechanism, by returning a different
underlying mechanism than was proposed by the initiator.
(CVE-2014-4343)

- An attacker can cause a denial of service through a NULL
pointer dereference and application crash during a
SPNEGO negotiation, by sending an empty token as the
second or later context token from initiator to
acceptor. (CVE-2014-4344)

See also :

http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc
http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html
http://www.nessus.org/u?6b39d08f

Solution :

A fix is available and can be downloaded from the AIX website.

If the NAS fileset level is at 1.5.0.6, then apply the ifix
'1506_fix.140813.epkg.Z'.

If the NAS fileset level is at 1.6.0.1, then apply the ifix
'1601_fix.140813.epkg.Z'.

If the NAS fileset level is at 1.5.0.3/1.5.0.4, then upgrade to
fileset level 1.6.0.1 and apply the ifix '1601_fix.140813.epkg.Z'.

For other fileset levels, upgrade to fileset level 1.5.0.6 and apply
the ifix '1506_fix.140813.epkg.Z'.

These fixes will also be part of the next filesets of NAS versions
1.5.0.7 and 1.6.0.2.

These filesets will be made available by 14th November 2014 and can be
downloaded from the AIX website.

To extract the fixes from the tar file, use the commands :

tar xvf nas1_fix.tar
cd nas1_fix

IMPORTANT : If possible, it is recommended that a mksysb backup of the
system be created. Verify that it is both bootable and readable before
proceeding.

To preview the fix installation, use the command :

installp -a -d fix_name -p all

To install the fix package, use the command :

installp -a -d fix_name -X all

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: AIX Local Security Checks

Nessus Plugin ID: 77532

Bugtraq ID: 68909, 69159, 69160

CVE ID: CVE-2014-4341, CVE-2014-4343, CVE-2014-4344
