AIX 7.1 TL 3 : nettcp (IV86117) (SLOTH)
Medium Nessus Plugin ID 92561
Synopsis
The remote AIX host is missing a security patch.
Description
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
Solution
Install the appropriate interim fix.