AIX Java Advisory : java_april2015_advisory.asc (Bar Mitzvah) (FREAK)

Critical Nessus Plugin ID 84087

Synopsis

The remote AIX host has a version of Java SDK installed that is affected by multiple vulnerabilities.

Description

The version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities:

- The Global Security Kit (GSKit) contains a flaw due to improper restrictions of TLS state transitions. A man-in-the-middle attacker can exploit this to downgrade the security of a session to use EXPORT_RSA ciphers. This allows the attacker to more easily break the encryption and monitor or tamper with the encrypted stream. (CVE-2015-0138)

- An unspecified flaw exists that allows an attacker to execute code running under a security manager with elevated privileges. (CVE-2015-0192)

- A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites, whose keys can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)

- Multiple unspecified vulnerabilities exist in multiple Java subcomponents including 2D, Beans, Deployment, JCE, JSSE, and tools. (CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0486, CVE-2015-0488, CVE-2015-0491)

- An unspecified flaw exists that allows a remote attacker to bypass permission checks and gain access to sensitive information. (CVE-2015-1914)

- An unspecified flaw exists due to the Socket Extension Provider's handling of TLS and SSL connections. A remote attacker can exploit this to cause a denial of service. (CVE-2015-1916)

- A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle attacker can exploit this, via a brute-force attack using LSB values, to decrypt the traffic. (CVE-2015-2808)

Solution

Fixes are available by version and can be downloaded from the IBM AIX website.

See Also

http://www.nessus.org/u?edaaf4e5

http://www.nessus.org/u?1889ff01

http://www.nessus.org/u?5ba751ee

http://www.nessus.org/u?ce533d8f

http://www.nessus.org/u?17d05c61

http://www.nessus.org/u?d4595696

http://www.nessus.org/u?9abd5252

http://www.nessus.org/u?4ee03dc1

http://www.nessus.org/u?8f7a066c

https://www.smacktls.com/#freak

http://www.nessus.org/u?4bbf45ac

Plugin Details

Severity: Critical

ID: 84087

File Name: aix_java_april2015_advisory.nasl

Version: $Revision: 1.6 $

Type: local

Published: 2015/06/10

Modified: 2016/05/04

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:U/RC:UR

Vulnerability Information

CPE: cpe:/o:ibm:aix, cpe:/a:oracle:jre, cpe:/a:oracle:jdk

Required KB Items: Host/AIX/lslpp, Host/local_checks_enabled, Host/AIX/version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/06/03

Vulnerability Publication Date: 2005/01/04

Reference Information

CVE: CVE-2015-0138, CVE-2015-0192, CVE-2015-0204, CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0486, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-1916, CVE-2015-2808

BID: 71936, 73326, 73684, 74072, 74083, 74094, 74104, 74111, 74119, 74141, 74145, 74147, 74544, 74545, 74645

OSVDB: 15435, 116794, 117855, 119390, 120702, 120705, 120708, 120709, 120710, 120712, 120713, 120714, 121762, 121763, 121764

CERT: 243585