AIX Java Advisory : java_april2015_advisory.asc (Bar Mitzvah) (FREAK)

critical Nessus Plugin ID 84087

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote AIX host has a version of Java SDK installed that is affected by multiple vulnerabilities.

Description

The version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities :

 - The Global Security Kit (GSKit) contains a flaw due to improper restrictions of TLS state transitions. A man-in-the-middle attacker can exploit this to downgrade the security of a session to use EXPORT_RSA ciphers.
 This allows the attacker to more easily break the encryption and monitor or tamper with the encrypted stream. (CVE-2015-0138)

 - An unspecified flaw exists that allows an attacker to execute code running under a security manager with elevated privileges.(CVE-2015-0192)

 - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)

 - Multiple unspecified vulnerabilities exist in multiple Java subcomponents including 2D, Beans, Deployment, JCE, JSSE, and tools. (CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0486, CVE-2015-0488, CVE-2015-0491)

 - An unspecified flaw exists that allows a remote attacker to bypass permission checks and gain access to sensitive information. (CVE-2015-1914)

 - An unspecified flaw exists due to the Socket Extension Provider's handling of TLS and SSL connections. A remote attacker can exploit this to cause a denial of service.
 (CVE-2015-1916)

 - A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle attacker can exploit this, via a brute-force attack using LSB values, to decrypt the traffic. (CVE-2015-2808)

Solution

Fixes are available by version and can be downloaded from the IBM AIX website.

See Also

http://www.nessus.org/u?edaaf4e5

http://www.nessus.org/u?1889ff01

http://www.nessus.org/u?5ba751ee

http://www.nessus.org/u?ce533d8f

http://www.nessus.org/u?17d05c61

http://www.nessus.org/u?d4595696

http://www.nessus.org/u?9abd5252

http://www.nessus.org/u?4ee03dc1

http://www.nessus.org/u?8f7a066c

https://www.smacktls.com/#freak

http://www.nessus.org/u?4bbf45ac

Plugin Details

Severity: Critical

ID: 84087

File Name: aix_java_april2015_advisory.nasl

Version: 1.11

Type: local

Published: 6/10/2015

Updated: 1/4/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6.8

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:ibm:aix, cpe:/a:oracle:jre, cpe:/a:oracle:jdk

Required KB Items: Host/AIX/lslpp, Host/local_checks_enabled, Host/AIX/version

Exploit Ease: No known exploits are available

Patch Publication Date: 6/3/2015

Vulnerability Publication Date: 1/4/2005

Reference Information

CVE: CVE-2015-0138, CVE-2015-0192, CVE-2015-0204, CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0486, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-1916, CVE-2015-2808

BID: 71936, 73326, 73684, 74072, 74083, 74094, 74104, 74111, 74119, 74141, 74145, 74147, 74544, 74545, 74645

CERT: 243585