Synopsis
The remote AIX host has a version of Java SDK installed that is affected by multiple vulnerabilities.
Description
The version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities :
- The Global Security Kit (GSKit) contains a flaw due to improper restrictions of TLS state transitions. A man-in-the-middle attacker can exploit this to downgrade the security of a session to use EXPORT_RSA ciphers.
This allows the attacker to more easily break the encryption and monitor or tamper with the encrypted stream. (CVE-2015-0138)
- An unspecified flaw exists that allows an attacker to execute code running under a security manager with elevated privileges.(CVE-2015-0192)
- A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)
- Multiple unspecified vulnerabilities exist in multiple Java subcomponents including 2D, Beans, Deployment, JCE, JSSE, and tools. (CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0486, CVE-2015-0488, CVE-2015-0491)
- An unspecified flaw exists that allows a remote attacker to bypass permission checks and gain access to sensitive information. (CVE-2015-1914)
- An unspecified flaw exists due to the Socket Extension Provider's handling of TLS and SSL connections. A remote attacker can exploit this to cause a denial of service.
(CVE-2015-1916)
- A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle attacker can exploit this, via a brute-force attack using LSB values, to decrypt the traffic. (CVE-2015-2808)
Solution
Fixes are available by version and can be downloaded from the IBM AIX website.
Plugin Details
File Name: aix_java_april2015_advisory.nasl
Supported Sensors: Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/o:ibm:aix, cpe:/a:oracle:jre, cpe:/a:oracle:jdk
Required KB Items: Host/AIX/lslpp, Host/local_checks_enabled, Host/AIX/version
Exploit Ease: No known exploits are available
Patch Publication Date: 6/3/2015
Vulnerability Publication Date: 1/4/2005
Reference Information
CVE: CVE-2015-0138, CVE-2015-0192, CVE-2015-0204, CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0486, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-1916, CVE-2015-2808
BID: 71936, 73326, 73684, 74072, 74083, 74094, 74104, 74111, 74119, 74141, 74145, 74147, 74544, 74545, 74645