AIX Java Advisory : java_feb2015_advisory.asc (POODLE)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote AIX host has a version of Java SDK installed that is
affected by multiple vulnerabilities.

Description :

The version of Java SDK installed on the remote host is affected by
the following vulnerabilities :

- A man-in-the-middle (MitM) information disclosure
vulnerability known as POODLE. The vulnerability is due
to the way SSL 3.0 handles padding bytes when decrypting
messages encrypted using block ciphers in cipher block
chaining (CBC) mode. MitM attackers can decrypt a
selected byte of a ciphertext in as few as 256 tries if
they are able to force a victim application to
repeatedly send the same data over newly created SSL 3.0
connections. (CVE-2014-3566)

- Information disclosure flaws exist in the font parsing
code in the 2D component in OpenJDK. A specially crafted
font file can exploit boundary check flaws and allow an
untrusted Java applet or application to disclose
portions of the Java Virtual Machine memory.
(CVE-2014-6585, CVE-2014-6591)

- A NULL pointer dereference flaw exists in the
MulticastSocket implementation in the Libraries
component of OpenJDK. An untrusted Java applet or
application can use this flaw to bypass certain
Java sandbox restrictions. (CVE-2014-6587)

- The SSL/TLS implementation in the JSSE component in
OpenJDK fails to properly check whether the
ChangeCipherSpec message was received during an SSL/TLS
connection handshake. An MitM attacker can use this
flaw to force a connection to be established without
encryption being enabled. (CVE-2014-6593)

- An unspecified privilege escalation vulnerability exists
in the IBM Java Virtual Machine. (CVE-2014-8891)

- An unspecified information disclosure vulnerability
exists in the Libraries component of Oracle Java SE.
(CVE-2015-0400)

- An unspecified information disclosure vulnerability
exists in the Deployment component of Oracle Java SE.
(CVE-2015-0403)

- Unspecified denial of service and information
disclosure vulnerabilities exist in the Deployment
component of Oracle Java SE. (CVE-2015-0406)

- An information disclosure vulnerability exists in the
Swing component in OpenJDK. An untrusted Java applet or
application can use this flaw to bypass certain Java
sandbox restrictions. (CVE-2015-0407)

- Multiple improper permission check vulnerabilities exist
in the JAX-WS, Libraries, and RMI components in OpenJDK.
An untrusted Java applet or application can use these
flaws to bypass Java sandbox restrictions.
(CVE-2015-0412, CVE-2014-6549, CVE-2015-0408)

- A denial of service vulnerability exists in the DER
(Distinguished Encoding Rules) decoder in the Security
component in OpenJDK when handling negative length
values. A specially crafted, DER-encoded input can cause
a Java application to enter an infinite loop when
decoded. (CVE-2015-0410)

See also :

http://www.nessus.org/u?be2ce7c9
http://www.nessus.org/u?aacaab25
http://www.nessus.org/u?70623e16
http://www.nessus.org/u?1d08dc51
http://www.nessus.org/u?4ca2561a
http://www.nessus.org/u?a624fae8
http://www.nessus.org/u?aa3fc787
http://www.nessus.org/u?e42e2673
http://www.nessus.org/u?ae6bb0ba
http://www.ibm.com/developerworks/java/jdk/aix/service.html#levels
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

Solution :

Fixes are available by version and can be downloaded from the IBM AIX
website.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.5
(CVSS2#E:U/RL:U/RC:C)
Public Exploit Available : false
