AIX Java Advisory : java_july2015_advisory.asc (Logjam)

Critical Nessus Plugin ID 85447

Synopsis

The remote AIX host has a version of Java SDK installed that is affected by multiple vulnerabilities.

Description

The version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities:

- Java Security Components store plaintext data in memory dumps, which allows a local attacker to gain access to sensitive information. (CVE-2015-1931)

- A flaw exists in the readSerialData() function in class ObjectInputStream.java when handling OIS data, which allows an attacker to execute arbitrary code. (CVE-2015-2590)

- Multiple flaws exist in the JCE component due to various cryptographic operations using non-constant time comparisons. A remote attacker can exploit this to conduct timing attacks to gain access to sensitive information. (CVE-2015-2601)

- A flaw exists in the ECDH_Derive() function in file ec.c due to missing EC parameter validation when performing ECDH key derivation. A remote attacker can exploit this to access sensitive information. (CVE-2015-2613)

- An unspecified vulnerability exists in the 2D component that allows a remote attacker to access sensitive information. (CVE-2015-2619, CVE-2015-2637)

- A flaw exists in the RMIConnectionImpl constructor in class RMIConnectionImpl.java due to improper permission checks when creating repository class loaders. An attacker can exploit this to bypass sandbox restrictions and access sensitive information. (CVE-2015-2621)

- An unspecified flaw exists in the JSSE component when handling the SSL/TLS protocol. A remote attacker can exploit this to gain access to sensitive information. (CVE-2015-2625)

- An integer overflow condition exists in the International Components for Unicode for C/C++ (ICU4C). An attacker, using a specially crafted font, can exploit this to crash an application using this library or access memory contents. (CVE-2015-2632)

- An unspecified vulnerability exists in the 2D component that allows a remote attacker to execute arbitrary code. (CVE-2015-2638)

- An unspecified flaw exists in the Deployment component that allows a local attacker to gain elevated privileges. (CVE-2015-2664)

- A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)

- An unspecified vulnerability exists in the Deployment component that impacts confidentiality and integrity. (CVE-2015-4729)

- A flaw exists in class MBeanServerInvocationHandler.java when handling MBean connection proxy classes. An attacker can exploit this to bypass sandbox restrictions and execute arbitrary code. (CVE-2015-4731)

- Multiple flaws exist in classes ObjectInputStream.java and SerialCallbackContext.java related to insufficient context checking. An attacker can exploit these to execute arbitrary code. (CVE-2015-4732)

- A flaw exists in the invoke() method in the class RemoteObjectInvocationHandler.java due to calls to the finalize() method being permitted. An attacker can exploit this to bypass sandbox protections and execute arbitrary code. (CVE-2015-4733)

- An unspecified flaw exists in the Deployment component that allows a local attacker to execute arbitrary code. (CVE-2015-4736)

- A flaw exists in the Security component when handling Online Certificate Status Protocol (OCSP) responses with no 'nextUpdate'. A remote attacker can exploit this to cause an application to accept a revoked X.509 certificate. (CVE-2015-4748)

- A flaw exists in the query() method in class DnsClient.java due to a failure by the JNDI component's exception handling to release request information. A remote attacker can exploit this to cause a denial of service. (CVE-2015-4749)

- An integer overflow condition exists in the layout engine in the International Components for Unicode for C/C++ (ICU4C). An attacker, using a specially crafted font, can exploit this to crash an application using this library or execute arbitrary code. (CVE-2015-4760)

Solution

Fixes are available by version and can be downloaded from the IBM AIX website.

See Also

http://www.nessus.org/u?fa618d23

http://www.nessus.org/u?1889ff01

http://www.nessus.org/u?5ba751ee

http://www.nessus.org/u?ce533d8f

http://www.nessus.org/u?17d05c61

http://www.nessus.org/u?d4595696

http://www.nessus.org/u?9abd5252

http://www.nessus.org/u?4ee03dc1

http://www.nessus.org/u?8f7a066c

https://weakdh.org/

Plugin Details

Severity: Critical

ID: 85447

File Name: aix_java_july2015_advisory.nasl

Version: $Revision: 1.6 $

Type: local

Published: 2015/08/17

Modified: 2016/05/04

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/o:ibm:aix, cpe:/a:oracle:jre, cpe:/a:oracle:jdk

Required KB Items: Host/AIX/lslpp, Host/local_checks_enabled, Host/AIX/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/07/31

Vulnerability Publication Date: 2015/03/10

Reference Information

CVE: CVE-2015-1931, CVE-2015-2590, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2664, CVE-2015-4000, CVE-2015-4729, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760

BID: 74733, 75784, 75813, 75818, 75823, 75832, 75833, 75850, 75854, 75857, 75861, 75867, 75871, 75874, 75881, 75883, 75890, 75892, 75895, 75985

OSVDB: 122331, 124489, 124617, 124619, 124621, 124622, 124623, 124624, 124625, 124627, 124628, 124629, 124630, 124631, 124633, 124634, 124636, 124637, 124639, 124946