Xerox ColorQube 92XX Multiple OpenSSL Vulnerabilities (XRX15AD) (FREAK) (GHOST) (POODLE)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote multi-function device is affected by multiple
vulnerabilities.

Description :

According to its model number and software version, the remote Xerox
ColorQube device is affected by multiple OpenSSL vulnerabilities :

- A man-in-the-middle (MitM) information disclosure
vulnerability, known as POODLE, exists due to the way
SSL 3.0 handles padding bytes when decrypting messages
encrypted using block ciphers in cipher block chaining
(CBC) mode. A MitM attacker can decrypt a selected byte
of a cipher text in as few as 256 tries if they are able
to force a victim application to repeatedly send the
same data over newly created SSL 3.0 connections.
(CVE-2014-3566)

- A security feature bypass vulnerability, known as FREAK
(Factoring attack on RSA-EXPORT Keys), exists due to the
support of weak EXPORT_RSA cipher suites with keys less
than or equal to 512 bits. A man-in-the-middle attacker
may be able to downgrade the SSL/TLS connection to use
EXPORT_RSA cipher suites which can be factored in a
short amount of time, allowing the attacker to intercept
and decrypt the traffic. (CVE-2015-0204)

- A heap-based buffer overflow condition exists in the GNU
C Library (glibc) due to improper validation of
user-supplied input to the glibc functions
__nss_hostname_digits_dots(), gethostbyname(), and
gethostbyname2(). This allows a remote attacker to cause
a buffer overflow, resulting in a denial of service
condition or the execution of arbitrary code. This
vulnerability is known as GHOST. (CVE-2015-0235)

See also :

http://www.nessus.org/u?7240b740
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.smacktls.com/#freak
http://www.nessus.org/u?c7a6ddbd

Solution :

Apply the appropriate cumulative update as described in the Xerox
security bulletin in the referenced URL.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 87322 ()

Bugtraq ID: 70574
71936
72325

CVE ID: CVE-2014-3566
CVE-2015-0204
CVE-2015-0235

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now