AIX OpenSSL Advisory : openssl_advisory13.asc

High Nessus Plugin ID 82900

Synopsis

The remote AIX host has a version of OpenSSL installed that is affected by multiple vulnerabilities.

Description

The version of OpenSSL installed on the remote AIX host is affected by the following vulnerabilities :

- A use-after-free condition exists in the d2i_ECPrivateKey() function due to improper processing of malformed EC private key files during import. A remote attacker can exploit this to dereference or free already freed memory, resulting in a denial of service or other unspecified impact. (CVE-2015-0209)

- An invalid read flaw exists in the ASN1_TYPE_cmp() function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service.
(CVE-2015-0286)

- A flaw exists in the ASN1_item_ex_d2i() function due to a failure to reinitialize 'CHOICE' and 'ADB' data structures when reusing a structure in ASN.1 parsing.
This allows a remote attacker to cause an invalid write operation and memory corruption, resulting in a denial of service. (CVE-2015-0287)

- A NULL pointer dereference flaw exists in the X509_to_X509_REQ() function due to improper processing of certificate keys. This allows a remote attacker, via a crafted X.509 certificate, to cause a denial of service. (CVE-2015-0288)

- A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing outer ContentInfo. This allows a remote attacker, using an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, to cause a denial of service. (CVE-2015-0289)

- An integer underflow condition exists in the EVP_DecodeUpdate() function due to improper validation of base64 encoded input when decoding. This allows a remote attacker, using maliciously crafted base64 data, to cause a segmentation fault or memory corruption, resulting in a denial of service or possibly the execution of arbitrary code. (CVE-2015-0292)

- A flaw exists in servers that both support SSLv2 and enable export cipher suites due to improper implementation of SSLv2. A remote attacker can exploit this, via a crafted CLIENT-MASTER-KEY message, to cause a denial of service. (CVE-2015-0293)

Solution

A fix is available and can be downloaded from the AIX website.

IMPORTANT : If possible, it is recommended that a mksysb backup of the system be created. Verify that it is both bootable and readable before proceeding.

See Also

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory13.asc

https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp

Plugin Details

Severity: High

ID: 82900

File Name: aix_openssl_advisory13.nasl

Version: $Revision: 1.9 $

Type: local

Published: 2015/04/20

Modified: 2016/05/04

Dependencies: 12634

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:ibm:aix, cpe:/a:openssl:openssl

Required KB Items: Host/AIX/lslpp, Host/local_checks_enabled, Host/AIX/version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/04/13

Vulnerability Publication Date: 2015/02/25

Reference Information

CVE: CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293

BID: 73225, 73227, 73228, 73231, 73232, 73237, 73239

OSVDB: 118817, 119328, 119743, 119755, 119756, 119757, 119761