AIX NAS Advisory : nas_advisory3.asc

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote AIX host has a version of NAS installed that is affected by
multiple vulnerabilities.

Description :

The version of the Network Authentication Service (NAS) installed on
the remote AIX host is affected by the following vulnerabilities
related to Kerberos 5 :

- Denial of service and remote code execution
vulnerabilities exist due to security context handles
not being properly maintained, allowing an
authenticated, remote attacker to crash the service or
execute arbitrary code using crafted GSSAPI traffic.
(CVE-2014-5352)

- A denial of service vulnerability exists due to improper
handling of zero-byte or unterminated strings.
(CVE-2014-5355)

- Denial of service and remote code execution
vulnerabilities exist which allow an authenticated,
remote attacker to crash the service or execute
arbitrary code using crafted, malformed XDR data.
(CVE-2014-9421)

- A privilege escalation vulnerability exists that allows
an authenticated, remote attacker to gain administrative
access via a flaw in kadmin authorization checks.
(CVE-2014-9422)

- An information disclosure vulnerability allows an
attacker to gain information about process heap memory
from NAS packets. (CVE-2014-9423)

See also :

http://aix.software.ibm.com/aix/efixes/security/nas_advisory3.asc

Solution :

Fixes are available at the 1.5.0.7 and 1.6.0.2 levels of the software
and can be downloaded from the AIX website.

For the NAS fileset level 1.5.0.7,
apply ifix 1507c_fix.150404.epkg.Z if only krb5.client.rte is
installed, otherwise apply 1507s_fix.150407.epkg.Z if krb5.server.rte
is installed.

For the NAS fileset level 1.6.0.2,
apply ifix 1602c_fix.150404.epkg.Z if only krb5.client.rte is
installed, otherwise apply 1602s_fix.150407.epkg.Z if krb5.server.rte
is installed.

For the NAS fileset level 1.5.0.3-1.5.0.4,
upgrade to NAS fileset level 1.6.0.2 and apply ifix
1602c_fix.150404.epkg.Z if only krb5.client.rte is installed,
otherwise apply 1602s_fix.150407.epkg.Z if krb5.server.rte is
installed.

For all other NAS fileset levels,
upgrade to NAS fileset level 1.5.0.7 and apply ifix
1507c_fix.150404.epkg.Z if only krb5.client.rte is installed,
otherwise apply 1507s_fix.150407.epkg.Z if krb5.server.rte is
installed.
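The selection rules above, written out as an added example (not part of the advisory or of the Nessus plugin). It reads `lslpp -Lqc` style lines and prints the matching ifix. The function name `nas_ifix_plan`, the key=value output format, and the choice to flag differing client and server levels for manual review are assumptions of this sketch; the sample input is constructed.

```shell
#!/bin/sh
# Added example. On an AIX host the input would come from something like:
#   lslpp -Lqc krb5.client.rte krb5.server.rte 2>/dev/null | nas_ifix_plan
# Input lines are colon-separated: package:fileset:level:...
nas_ifix_plan() {
    awk -F: '
        $2 == "krb5.client.rte" { client = $3; gsub(/[ \t]/, "", client) }
        $2 == "krb5.server.rte" { server = $3; gsub(/[ \t]/, "", server) }
        END {
            if (client == "" && server == "") {
                print "status=not-installed"; exit
            }
            # Assumption: the advisory does not cover differing levels,
            # so report them instead of guessing.
            if (client != "" && server != "" && client != server) {
                print "status=mixed-levels client=" client " server=" server; exit
            }
            # Server ifix whenever krb5.server.rte is present, client ifix otherwise.
            if (server != "") { level = server; kind = "s"; stamp = "150407" }
            else              { level = client; kind = "c"; stamp = "150404" }
            if (level == "1.5.0.7" || level == "1.6.0.2") {
                target = level; upgrade = "no"
            } else if (level == "1.5.0.3" || level == "1.5.0.4") {
                target = "1.6.0.2"; upgrade = "yes"
            } else {
                target = "1.5.0.7"; upgrade = "yes"
            }
            base = target; gsub(/\./, "", base)      # 1.5.0.7 -> 1507
            printf "status=ok installed=%s upgrade=%s target=%s ifix=%s%s_fix.%s.epkg.Z\n",
                   level, upgrade, target, base, kind, stamp
        }'
}

# Constructed sample in lslpp -Lqc layout (not captured from a real host).
SAMPLE='krb5:krb5.client.rte:1.5.0.4: : :C: :Network Authentication Service Client:
krb5:krb5.server.rte:1.5.0.4: : :C: :Network Authentication Service Server:'
printf '%s\n' "$SAMPLE" | nas_ifix_plan
```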

Risk factor :

High / CVSS Base Score : 8.7
(CVSS2#AV:N/AC:L/Au:S/C:P/I:C/A:C)
CVSS Temporal Score : 7.6
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: AIX Local Security Checks

Nessus Plugin ID: 83874

Bugtraq ID: 72494, 72495, 72496, 72503, 74042

CVE ID: CVE-2014-5352, CVE-2014-5355, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423
