AIX 5.3 TL 12 : sendmail (IV75967) (Logjam)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote AIX host is missing a security patch.

Description :

The TLS protocol could allow a remote attacker to obtain sensitive
information because it fails to properly convey a DHE_EXPORT
ciphersuite choice. An attacker could exploit this vulnerability using
man-in-the-middle techniques to force a downgrade to a 512-bit
export-grade cipher. Successful exploitation could allow the attacker
to recover the session key and to modify the contents of the
traffic. This vulnerability is commonly referred to as 'Logjam'.

See also :

http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc

Solution :

Install the appropriate interim fix.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: AIX Local Security Checks

Nessus Plugin ID: 85515

Bugtraq ID:

CVE ID: CVE-2015-4000
