AIX 7.1 TL 3 : nettcp (IV82327) (SLOTH)
Medium Nessus Plugin ID 94174
SynopsisThe remote AIX host is missing a security patch.
Descriptionhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.
SolutionInstall the appropriate interim fix.