AIX OpenSSL Advisory : openssl_advisory.asc
Critical Nessus Plugin ID 73559
Synopsis
The remote AIX host is running a vulnerable version of OpenSSL.
Description
The version of OpenSSL running on the remote host is affected by the following vulnerabilities :
- In TLS connections, certain incorrectly formatted records can cause an OpenSSL client or server to crash due to a read attempt at NULL. OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines e_ubsec.c, which has an unspecified impact and context-dependent attack vectors. (CVE-2009-3245)
- The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot. (CVE-2010-0433)
- The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. (CVE-2010-0740)
Solution
A fix is available, and it can be downloaded from the AIX website.
To extract the fixes from the tar file :
zcat openssl.0.9.8.1103.tar.Z | tar xvf - or zcat openssl-fips.12.9.8.1103.tar.Z | tar xvf - or zcat openssl.0.9.8.806.tar.Z | tar xvf -
IMPORTANT : If possible, it is recommended that a mksysb backup of the system be created. Verify it is both bootable and readable before proceeding.
To preview the fix installation :
installp -apYd . openssl
To install the fix package :
installp -aXYd . openssl