AIX Java Advisory : java_oct2014_advisory.asc (POODLE)
Critical Nessus Plugin ID 79626
Synopsis
The remote AIX host has a version of Java SDK installed that is affected by multiple vulnerabilities.
Description
The version of Java SDK installed on the remote host is affected by the following vulnerabilities:
- A privilege escalation vulnerability in the IBM Java SDK allows a local attacker to inject arbitrary code into the shared classes cache due to a flaw in the default configuration for the shared classes feature. Other users are able to execute the injected code, which can allow the attacker to gain elevated privileges.
- Oracle Java contains the flaw related to SSLv3 CBC-mode ciphers known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566)
- Vulnerabilities in Oracle Java allow remote code execution via flaws in the Deployment subcomponent. (CVE-2014-4288, CVE-2014-6492, CVE-2014-6493, CVE-2014-6503, CVE-2014-6532)
- A session hijacking vulnerability exists in Oracle Java due to a flaw related to handling of server certificate changes during SSL/TLS renegotiation. This allows an attacker to intercept communication between a client and server to hijack a mutually authenticated session.
- Privilege escalation vulnerabilities exist in Oracle Java within the Deployment subcomponent.
- Data integrity vulnerabilities exist in Oracle Java within the Deployment subcomponent. (CVE-2014-6476, CVE-2014-6515, CVE-2014-6527)
- A privilege escalation vulnerability exists in Oracle Java in the resource bundle handling code of the 'LogRecord::readObject' function within the file 'share/classes/java/util/logging/LogRecord.java', which allows an attacker to bypass certain sandbox restrictions. (CVE-2014-6502)
- A privilege escalation vulnerability exists in Oracle Java within the property processing and name handling code of 'share/classes/java/util/ResourceBundle.java', which allows an attacker to bypass certain sandbox restrictions. (CVE-2014-6506)
- Oracle Java contains an unspecified vulnerability in the 2D subcomponent. (CVE-2014-6511)
- An information disclosure vulnerability exists in Oracle Java due to a flaw related to the wrapping of datagram sockets in the DatagramSocket implementation. This issue may cause packets to be read that originate from sources other than the connected one, thus allowing a remote attacker to carry out IP spoofing. (CVE-2014-6512)
- A flaw exists in the way splash images are handled by 'windows/native/sun/awt/splashscreen/splashscreen_sys.c' which allows remote code execution. (CVE-2014-6513)
- A privilege escalation vulnerability exists in Oracle Java in 'share/classes/java/util/logging/Logger.java' because it fails to check permissions in certain cases, allowing an attacker to bypass sandbox restrictions and view or edit logs. (CVE-2014-6531)
- A flaw related to input cipher streams within the file 'share/classes/javax/crypto/CipherInputStream.java' can allow a remote attacker to affect data integrity.
Solution
Fixes are available by version and can be downloaded from the IBM AIX website.