AIX 6.1 TL 9 : nettcp (IV78625) (SLOTH)
Medium Nessus Plugin ID 94170
SynopsisThe remote AIX host is missing a security patch.
Descriptionhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
SolutionInstall the appropriate interim fix.