AIX Java Advisory : java_feb2015_advisory.asc (POODLE)

Critical Nessus Plugin ID 81491

Synopsis

The remote AIX host has a version of Java SDK installed that is affected by multiple vulnerabilities.

Description

The version of Java SDK installed on the remote host is affected by the following vulnerabilities :

- A man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566)

- Information disclosure flaws exist in the font parsing code in the 2D component in OpenJDK. A specially crafted font file can exploit boundary check flaws and allow an untrusted Java applet or application to disclose portions of the Java Virtual Machine memory.
(CVE-2014-6585, CVE-2014-6591)

- A NULL pointer dereference flaw exists in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java applet or application can use this flaw to bypass certain Java sandbox restrictions. (CVE-2014-6587)

- The SSL/TLS implementation in the JSSE component in OpenJDK fails to properly check whether the ChangeCipherSpec was received during a SSL/TLS connection handshake. An MitM attacker can use this flaw to force a connection to be established without encryption being enabled. (CVE-2014-6593)

- An unspecified privilege escalation vulnerability exists in IBM Java Virtual Machine. (CVE-2014-8891)

- An unspecified information disclosure vulnerability exists in the Libraries component of Oracle Java SE.
(CVE-2015-0400)

- An unspecified information disclosure vulnerability exists in the Deployment component of Oracle Java SE.
(CVE-2015-0403)

- Unspecified denial of service and information disclosure vulnerabilities exist in the Deployment component of Oracle Java SE. (CVE-2015-0406)

- An information disclosure vulnerability exists in the Swing component in OpenJDK. An untrusted Java applet or application can use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0407)

- Multiple improper permission check vulnerabilities exist in the JAX-WS, Libraries, and RMI components in OpenJDK.
An untrusted Java applet or application can use these flaws to bypass Java sandbox restrictions.
(CVE-2015-0412, CVE-2014-6549, CVE-2015-0408)

- A denial of service vulnerability exists in the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK when handling negative length values. A specially crafted, DER-encoded input can cause a Java application to enter an infinite loop when decoded. (CVE-2015-0410)

Solution

Fixes are available by version and can be downloaded from the IBM AIX website.

See Also

http://www.nessus.org/u?be2ce7c9

http://www.nessus.org/u?aacaab25

http://www.nessus.org/u?70623e16

http://www.nessus.org/u?1d08dc51

http://www.nessus.org/u?4ca2561a

http://www.nessus.org/u?a624fae8

http://www.nessus.org/u?aa3fc787

http://www.nessus.org/u?e42e2673

http://www.nessus.org/u?ae6bb0ba

http://www.ibm.com/developerworks/java/jdk/aix/service.html#levels

https://www.imperialviolet.org/2014/10/14/poodle.html

https://www.openssl.org/~bodo/ssl-poodle.pdf

https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

Plugin Details

Severity: Critical

ID: 81491

File Name: aix_java_feb2015_advisory.nasl

Version: 1.15

Type: local

Published: 2015/02/24

Modified: 2018/07/17

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:ibm:aix, cpe:/a:oracle:jre, cpe:/a:oracle:jdk

Required KB Items: Host/AIX/lslpp, Host/local_checks_enabled, Host/AIX/version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/02/19

Vulnerability Publication Date: 2014/10/14

Reference Information

CVE: CVE-2014-3566, CVE-2014-6549, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-8891, CVE-2015-0400, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412

BID: 70574, 72136, 72137, 72140, 72148, 72154, 72159, 72162, 72165, 72168, 72169, 72173, 72175

CERT: 577193