Synopsis
The remote host has software installed that is affected by multiple vulnerabilities.
Description
The remote host has a version of IBM Rational ClearQuest 7.1.x prior to 7.1.2.16 / 8.0.0.x prior to 8.0.0.13 / 8.0.1.x prior to 8.0.1.6 installed. It is, therefore, potentially affected by multiple vulnerabilities in third party libraries :
- An error exists in the libcURL and OpenSSL libraries related to an IP address that uses a wildcard in the subject's Common Name (CN) field of an X.509 certificate. A man-in-the-middle attacker can exploit this issue to spoof SSL servers. (CVE-2014-0139)
- An error exists in the OpenSSL library related to 'ec point format extension' handling and multithreaded clients that allows freed memory to be overwritten during a resumed session. (CVE-2014-3509)
- An error exists in the OpenSSL library related to handling fragmented 'ClientHello' messages that allow a man-in-the-middle attacker to force usage of TLS 1.0 regardless of higher protocol levels being supported by both the server and the client. (CVE-2014-3511)
- A man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566)
- An information disclosure flaw exists in the Java library within the 'share/classes/sun/security/rsa/RSACore.java' class related to 'RSA blinding' caused during operations using private keys and measuring timing differences. This allows a remote attacker to gain information about used keys. (CVE-2014-4244)
- A flaw exists in the Java library within the 'validateDHPublicKey' function in the 'share/classes/sun/security/util/KeyUtil.java' class which is triggered during the validation of Diffie-Hellman public key parameters. This allows a remote attacker to recover a key. (CVE-2014-4263)
- A NULL pointer dereference error exists in the OpenSSL library related to handling Secure Remote Password protocol (SRP) that allows a malicious server to crash a client, resulting in a denial of service.
(CVE-2014-5139)
Solution
Upgrade to IBM Rational ClearQuest 7.1.2.16 / 8.0.0.13 / 8.0.1.6 or later.
Plugin Details
File Name: ibm_rational_clearquest_8_0_1_6.nasl
Agent: windows
Configuration: Enable paranoid mode
Supported Sensors: Nessus Agent, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:ibm:rational_clearquest
Required KB Items: installed_sw/IBM Rational ClearQuest, Settings/ParanoidReport
Exploit Ease: Exploits are available
Patch Publication Date: 12/10/2014
Vulnerability Publication Date: 4/15/2014
Reference Information
CVE: CVE-2014-0139, CVE-2014-3509, CVE-2014-3511, CVE-2014-3566, CVE-2014-4244, CVE-2014-4263, CVE-2014-5139
BID: 66458, 68624, 68636, 69077, 69079, 69084, 70574