AIX OpenSSL Advisory : openssl_advisory9.doc

medium Nessus Plugin ID 74512
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote AIX host has a version of OpenSSL installed that is potentially affected by multiple vulnerabilities.

Description

The version of OpenSSL installed on the remote host is potentially affected by the following remote code execution and denial of service vulnerabilities :

- OpenSSL could allow an attacker to cause a buffer overrun situation when an attacker sends invalid DTLS fragments to an OpenSSL DTLS client or server, which forces it to run arbitrary code on a vulnerable client or server. (CVE-2014-0195)

- An attacker could cause a denial of service by exploiting a flaw in the do_ssl3_write function via a NULL pointer dereference. NOTE: Only versions 1.0.1.500 through 1.0.1.510 are vulnerable. (CVE-2014-0198)

- An attacker could cause a denial of service by sending an invalid DTLS handshake to an OpenSSL DTLS client, resulting in recursive execution of code and an eventual crash. (CVE-2014-0221)

- An attacker could use a man-in-the-middle (MITM) attack to force the use of weak keying material in OpenSSL SSL/TLS clients and servers. The attacker could decrypt and modify traffic from the attacked client and server.
The attack can only be performed between a vulnerable client and server. (CVE-2014-0224)

- An attacker could cause a denial of service by exploiting OpenSSL's anonymous ECDH cipher suites present within OpenSSL clients. (CVE-2014-3470)

Solution

A fix is available and can be downloaded from the AIX website.

To extract the fixes from the tar file :

- For OpenSSL 1.0.1 version :
zcat openssl-1.0.1.511.tar.Z | tar xvf -

- For OpenSSL 0.9.8 version :
zcat openssl-0.9.8.2502.tar.Z | tar xvf -

- For OpenSSL 12.9.8 version :
zcat openssl-12.9.8.2502.tar.Z | tar xvf

IMPORTANT : If possible, it is recommended that a mksysb backup of the system be created. Verify it is both bootable and readable before proceeding.

To preview the fix installation :

installp -apYd . openssl

To install the fix package :

installp -aXYd . openssl

See Also

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc

https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp

Plugin Details

Severity: Medium

ID: 74512

File Name: aix_openssl_advisory9.nasl

Version: 1.17

Type: local

Published: 6/13/2014

Updated: 1/4/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: High

Score: 7.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:ibm:aix, cpe:/a:openssl:openssl

Required KB Items: Host/AIX/lslpp, Host/local_checks_enabled, Host/AIX/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/11/2014

Vulnerability Publication Date: 4/12/2014

Exploitable With

Core Impact

Reference Information

CVE: CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470

BID: 67193, 67898, 67899, 67900, 67901

CERT: 978508