AIX OpenSSL Advisory : openssl_advisory4.asc

High Nessus Plugin ID 73562

Synopsis

The remote AIX host is running a vulnerable version of OpenSSL.

Description

The version of OpenSSL running on the remote host is affected by the following vulnerabilities :

- The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack. (CVE-2012-0884)

- The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250. (CVE-2012-1165)

- The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. (CVE-2012-2110)

- Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110. (CVE-2012-2131)

- Integer underflow in OpenSSL when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over- read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation. (CVE-2012-2333)

Solution

A fix is available, and it can be downloaded from the AIX website.

To extract the fixes from the tar file :

zcat openssl-0.9.8.1802.tar.Z | tar xvf - or zcat openssl-fips-12.9.8.1802.tar.Z | tar xvf -

IMPORTANT : If possible, it is recommended that a mksysb backup of the system be created. Verify it is both bootable and readable before proceeding.

To preview the fix installation :

installp -apYd . openssl

To install the fix package :

installp -aXYd . openssl

See Also

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory4.asc

https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp

Plugin Details

Severity: High

ID: 73562

File Name: aix_openssl_advisory4.nasl

Version: $Revision: 1.4 $

Type: local

Published: 2014/04/16

Modified: 2016/05/04

Dependencies: 12634

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/o:ibm:aix

Required KB Items: Host/AIX/lslpp, Host/local_checks_enabled, Host/AIX/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/08/01

Vulnerability Publication Date: 2012/03/12

Reference Information

CVE: CVE-2012-0884, CVE-2012-1165, CVE-2012-2110, CVE-2012-2131, CVE-2012-2333

BID: 52428, 52764, 53158, 53212, 53476

OSVDB: 80039, 80040, 81223, 81810, 82110