Synopsis
The remote AIX host has a version of OpenSSL installed that is potentially affected by multiple vulnerabilities.
Description
The version of OpenSSL installed on the remote host is potentially affected by the following remote code execution and denial of service vulnerabilities:
- An attacker who sends invalid DTLS fragments to an OpenSSL DTLS client or server could cause a buffer overrun and run arbitrary code on the vulnerable client or server. (CVE-2014-0195)
- An attacker could cause a denial of service by exploiting a flaw in the do_ssl3_write function via a NULL pointer dereference. NOTE: Only versions 220.127.116.110 through 18.104.22.1680 are vulnerable. (CVE-2014-0198)
- An attacker could cause a denial of service by sending an invalid DTLS handshake to an OpenSSL DTLS client, resulting in recursive execution of code and an eventual crash. (CVE-2014-0221)
- An attacker could use a man-in-the-middle (MITM) attack to force OpenSSL SSL/TLS clients and servers to use weak keying material, and could then decrypt and modify traffic between the attacked client and server. The attack can only be performed when both the client and the server are vulnerable. (CVE-2014-0224)
- An attacker could cause a denial of service by exploiting OpenSSL's anonymous ECDH cipher suites present within OpenSSL clients. (CVE-2014-3470)
Solution
A fix is available and can be downloaded from the AIX website.
To extract the fixes from the tar file:
- For OpenSSL 1.0.1:
zcat openssl-22.214.171.1241.tar.Z | tar xvf -
- For OpenSSL 0.9.8:
zcat openssl-0.9.8.2502.tar.Z | tar xvf -
- For OpenSSL 12.9.8:
zcat openssl-126.96.36.1992.tar.Z | tar xvf -
IMPORTANT: If possible, it is recommended that a mksysb backup of the system be created. Verify it is both bootable and readable before proceeding.
To preview the fix installation:
installp -apYd . openssl
To install the fix package:
installp -aXYd . openssl
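Before running the preview, an administrator usually wants to confirm that the installed openssl.base fileset is actually below the fixed level for its stream. The following script is an added example, not part of this advisory or of AIX; it assumes that `lslpp -Lc openssl.base` prints colon-separated records with the fileset level in the third field, uses the 0.9.8.2502 level from the advisory, and works on a constructed sample of that output rather than a captured one.

```shell
#!/bin/sh
# Added example: decide whether the installed AIX openssl.base fileset is
# below the fixed level for its stream, then point at the installp preview.
# Assumption: `lslpp -Lc openssl.base` emits a '#' header line followed by
# colon-separated records whose third field is the fileset level.

# Compare two dotted fileset levels field by field; print lt, eq or gt.
level_cmp() {
  a=$1; b=$2; i=1
  while :; do
    x=$(printf '%s' "$a" | cut -d. -f"$i")
    y=$(printf '%s' "$b" | cut -d. -f"$i")
    [ -z "$x" ] && [ -z "$y" ] && { echo eq; return; }
    x=${x:-0}; y=${y:-0}            # missing trailing fields count as 0
    if [ "$x" -lt "$y" ]; then echo lt; return; fi
    if [ "$x" -gt "$y" ]; then echo gt; return; fi
    i=$((i + 1))
  done
}

# The stream is the first three components (0.9.8, 1.0.1, 12.9.8); each stream
# has its own fix archive in the advisory, so levels across streams never compare.
stream_of() { printf '%s' "$1" | cut -d. -f1-3; }

# needs_fix LSLPP_OUTPUT FIXED_LEVEL
# Returns 0 when the installed level is below FIXED_LEVEL (fix needed),
# 1 when it is already at or above it, 2 when the fileset is missing or
# FIXED_LEVEL belongs to a different stream than the installed fileset.
needs_fix() {
  inst=$(printf '%s\n' "$1" | grep -v '^#' | cut -d: -f3 | head -n 1)
  [ -n "$inst" ] || return 2
  [ "$(stream_of "$inst")" = "$(stream_of "$2")" ] || return 2
  [ "$(level_cmp "$inst" "$2")" = lt ]
}

# Constructed sample of `lslpp -Lc openssl.base` output (not from a real host).
SAMPLE_LSLPP='#Package Name:Fileset:Level:State:PTF Id:Fix State:Type:Description
openssl.base:openssl.base:0.9.8.1800: : :C: :Open Secure Socket Layer'

# On the host you would pass "$(lslpp -Lc openssl.base)" instead of the sample,
# then run the preview from the directory holding the extracted fix:
#   needs_fix "$(lslpp -Lc openssl.base)" 0.9.8.2502 && installp -apYd . openssl
if needs_fix "$SAMPLE_LSLPP" 0.9.8.2502; then
  echo "openssl.base is below 0.9.8.2502: preview with 'installp -apYd . openssl'"
fi
```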