ID AIX_IV82327.NASL Type nessus Reporter This script is Copyright (C) 2016-2021 Tenable Network Security, Inc. Modified 2016-10-21T00:00:00
Description
CVE-2015-7575 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575):
The TLS protocol could allow weaker-than-expected security because of a
collision attack when the MD5 hash function is used to sign a
ServerKeyExchange message during a TLS handshake. An attacker could
exploit this vulnerability using man-in-the-middle techniques to
impersonate a TLS server and obtain credentials. IBM AIX does not
require the newest version of TLS by default, which could allow a
remote attacker to obtain sensitive information using
man-in-the-middle techniques.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text in the description was extracted from AIX Security
# Advisory nettcp_advisory2.asc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Metadata branch: taken only when `description` is true. It declares the
# plugin's identity, references, scoring and prerequisites, then leaves via
# exit(0) without reading any host data or running the iFix check.
if (description)
{
script_id(94174);
script_version("2.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
# Two CVEs are attached to this one APAR. The description text below links
# only CVE-2015-7575 (MD5-signed ServerKeyExchange, "SLOTH"); its final
# sentence, about AIX not requiring the newest TLS version by default,
# appears to be the CVE-2016-0266 part -- confirm against the advisory.
script_cve_id("CVE-2015-7575", "CVE-2016-0266");
script_name(english:"AIX 7.1 TL 3 : nettcp (IV82327) (SLOTH)");
script_summary(english:"Check for APAR IV82327");
script_set_attribute(
attribute:"synopsis",
value:"The remote AIX host is missing a security patch."
);
script_set_attribute(
attribute:"description",
value:
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS
protocol could allow weaker than expected security caused by a
collision attack when using the MD5 hash function for signing a
ServerKeyExchange message during a TLS handshake. An attacker could
exploit this vulnerability using man-in-the-middle techniques to
impersonate a TLS server and obtain credentials. IBM AIX does not
require the newest version of TLS by default which could allow a
remote attacker to obtain sensitive information using man in the
middle techniques."
);
script_set_attribute(
attribute:"see_also",
value:"http://aix.software.ibm.com/aix/efixes/security/nettcp_advisory2.asc"
);
# The remediation is an interim fix (iFix), not a fileset upgrade; the
# advisory in see_also is the place to pick the iFix for the installed level.
script_set_attribute(
attribute:"solution",
value:"Install the appropriate interim fix."
);
# NOTE(review): the two base vectors score different impacts. The CVSS2
# string rates integrity only (C:N/I:P); the CVSS3 string rates
# confidentiality only (C:H/I:N). The description names both server
# impersonation and credential disclosure, so do not read either vector
# alone as the full impact when triaging.
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
# Declared as a "local" check scoped to the AIX 7.1 CPE.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:7.1");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/26");
script_set_attribute(attribute:"patch_publication_date", value:"2016/07/26");
script_set_attribute(attribute:"in_the_news", value:"true");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/21");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.");
script_family(english:"AIX Local Security Checks");
# Prerequisites: the check body reads the three KB keys listed here.
# ssh_get_info.nasl is presumably the plugin that fills them in from an
# authenticated session -- confirm. Without those keys there is no result
# for this host.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("aix.inc");
include("misc_func.inc");
# Check body: decide from previously collected KB data whether the IV82327
# interim fix is missing on an AIX 7.1 TL3 host. Nothing here contacts the
# target directly; every input is a get_kb_item() lookup or a helper from
# aix.inc.

# Preconditions. Each audit() call names the reason the host cannot be
# assessed (local checks off, not AIX, no fileset listing); audit() comes
# from audit.inc and is expected to end the plugin at that point.
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);
# If interim-fix collection failed earlier, the check is abandoned with the
# stored failure text. NOTE(review): this is exit code 0 with no finding, so
# a host in this state is "not assessed", not "patched" -- scan consumers
# should track this message rather than treat silence as clean.
if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") );
# flag counts how many of the four fileset/service-pack combinations below
# came back negative from aix_check_ifix().
flag = 0;
# Each call names one (service pack, fileset) pair for release 7.1, ml 03:
#   SP05 -> iFix label IV82327m5a, SP06 -> iFix label IV82327s6a,
#   filesets bos.net.tcp.client and bos.net.tcp.server,
#   fileset versions 7.1.3.0 through 7.1.3.47.
# A return value below zero is counted as a hit; presumably that means the
# fileset is in range and the named iFix is not installed -- confirm in
# aix.inc. Only SP05 and SP06 are listed, so hosts on other service packs
# are not covered by these four calls.
if (aix_check_ifix(release:"7.1", ml:"03", sp:"05", patch:"IV82327m5a", package:"bos.net.tcp.client", minfilesetver:"7.1.3.0", maxfilesetver:"7.1.3.47") < 0) flag++;
if (aix_check_ifix(release:"7.1", ml:"03", sp:"05", patch:"IV82327m5a", package:"bos.net.tcp.server", minfilesetver:"7.1.3.0", maxfilesetver:"7.1.3.47") < 0) flag++;
if (aix_check_ifix(release:"7.1", ml:"03", sp:"06", patch:"IV82327s6a", package:"bos.net.tcp.client", minfilesetver:"7.1.3.0", maxfilesetver:"7.1.3.47") < 0) flag++;
if (aix_check_ifix(release:"7.1", ml:"03", sp:"06", patch:"IV82327s6a", package:"bos.net.tcp.server", minfilesetver:"7.1.3.0", maxfilesetver:"7.1.3.47") < 0) flag++;
# Any hit produces one warning-level finding on port 0. With
# report_verbosity above 0 the finding carries the text returned by
# aix_report_get(); otherwise it is raised without extra detail.
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());
else security_warning(0);
exit(0);
}
# No hit: record the host as not affected.
else audit(AUDIT_HOST_NOT, "affected");
{"id": "AIX_IV82327.NASL", "bulletinFamily": "scanner", "title": "AIX 7.1 TL 3 : nettcp (IV82327) (SLOTH)", "description": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS\nprotocol could allow weaker than expected security caused by a\ncollision attack when using the MD5 hash function for signing a\nServerKeyExchange message during a TLS handshake. An attacker could\nexploit this vulnerability using man-in-the-middle techniques to\nimpersonate a TLS server and obtain credentials. IBM AIX does not\nrequire the newest version of TLS by default which could allow a\nremote attacker to obtain sensitive information using man in the\nmiddle techniques.", "published": "2016-10-21T00:00:00", "modified": "2016-10-21T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://www.tenable.com/plugins/nessus/94174", "reporter": "This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.", "references": ["http://aix.software.ibm.com/aix/efixes/security/nettcp_advisory2.asc"], "cvelist": ["CVE-2016-0266", "CVE-2015-7575"], "type": "nessus", "lastseen": "2021-01-06T09:17:45", "edition": 26, "viewCount": 15, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-0266", "CVE-2015-7575"]}, {"type": "f5", "idList": ["F5:K02201365", "SOL02201365"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310842597", "OPENVAS:1361412562310842593", "OPENVAS:1361412562310882366", "OPENVAS:1361412562310122819", "OPENVAS:1361412562310806952", "OPENVAS:1361412562310703437", "OPENVAS:1361412562310882363", "OPENVAS:1361412562310105549", "OPENVAS:1361412562310120635", "OPENVAS:1361412562310806955"]}, {"type": "nessus", "idList": ["AIX_IV78624.NASL", "AIX_IV88960.NASL", "AIX_IV82331.NASL", "AIX_IV88957.NASL", "AIX_IV86118.NASL", "AIX_IV86119.NASL", "AIX_BIND_NETTCP_ADVISORY2.NASL", "AIX_IV86116.NASL", "AIX_IV82330.NASL", "AIX_IV86132.NASL"]}, {"type": "aix", "idList": ["PCONSOLE_ADVISORY2.ASC", 
"OPENSSL_ADVISORY16.ASC"]}, {"type": "redhat", "idList": ["RHSA-2016:0007", "RHSA-2016:0012", "RHSA-2016:0008"]}, {"type": "ubuntu", "idList": ["USN-2864-1", "USN-2863-1", "USN-2865-1", "USN-2866-1"]}, {"type": "amazon", "idList": ["ALAS-2016-651", "ALAS-2016-645"]}, {"type": "archlinux", "idList": ["ASA-201601-29"]}, {"type": "centos", "idList": ["CESA-2016:0008", "CESA-2016:0007", "CESA-2016:0012"]}, {"type": "lenovo", "idList": ["LENOVO:PS500048-NOSID"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3436-1:AA225", "DEBIAN:DSA-3437-1:2CB31"]}, {"type": "freebsd", "idList": ["10F7BC76-0335-4A88-B391-0B05B3A8CE1C"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-0007", "ELSA-2016-0008", "ELSA-2016-0012"]}, {"type": "mozilla", "idList": ["MFSA2015-150"]}, {"type": "kaspersky", "idList": ["KLA10732"]}], "modified": "2021-01-06T09:17:45", "rev": 2}, "score": {"value": 4.7, "vector": "NONE", "modified": "2021-01-06T09:17:45", "rev": 2}, "vulnersScore": 4.7}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory nettcp_advisory2.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94174);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-7575\", \"CVE-2016-0266\");\n\n script_name(english:\"AIX 7.1 TL 3 : nettcp (IV82327) (SLOTH)\");\n script_summary(english:\"Check for APAR IV82327\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS\nprotocol could allow weaker than expected security caused by a\ncollision attack when using the MD5 hash function for signing a\nServerKeyExchange message during a TLS handshake. 
An attacker could\nexploit this vulnerability using man-in-the-middle techniques to\nimpersonate a TLS server and obtain credentials. IBM AIX does not\nrequire the newest version of TLS by default which could allow a\nremote attacker to obtain sensitive information using man in the\nmiddle techniques.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/nettcp_advisory2.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/26\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.1\", ml:\"03\", sp:\"05\", patch:\"IV82327m5a\", package:\"bos.net.tcp.client\", minfilesetver:\"7.1.3.0\", maxfilesetver:\"7.1.3.47\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"03\", sp:\"05\", patch:\"IV82327m5a\", package:\"bos.net.tcp.server\", minfilesetver:\"7.1.3.0\", maxfilesetver:\"7.1.3.47\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"03\", sp:\"06\", patch:\"IV82327s6a\", package:\"bos.net.tcp.client\", minfilesetver:\"7.1.3.0\", maxfilesetver:\"7.1.3.47\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"03\", sp:\"06\", patch:\"IV82327s6a\", package:\"bos.net.tcp.server\", minfilesetver:\"7.1.3.0\", maxfilesetver:\"7.1.3.47\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "AIX Local Security Checks", "pluginID": "94174", "cpe": ["cpe:/o:ibm:aix:7.1"], "scheme": null, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}}
{"cve": [{"lastseen": "2020-10-03T12:10:38", "description": "IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors.", "edition": 3, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.7, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2016-08-08T01:59:00", "title": "CVE-2016-0266", "type": "cve", "cwe": ["CWE-254"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0266"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/o:ibm:vios:2.2.3.51", "cpe:/o:ibm:vios:2.2.3.60", "cpe:/o:ibm:vios:2.2.3.0", "cpe:/o:ibm:vios:2.2.2.4", "cpe:/o:ibm:vios:2.2.4.21", "cpe:/o:ibm:vios:2.2.4.10", "cpe:/o:ibm:aix:6.1", "cpe:/o:ibm:vios:2.2.0.11", "cpe:/o:ibm:vios:2.2.0.12", "cpe:/o:ibm:vios:2.2.1.7", "cpe:/o:ibm:vios:2.2.2.0", "cpe:/o:ibm:vios:2.2.3.70", "cpe:/o:ibm:vios:2.2.1.3", "cpe:/o:ibm:vios:2.2.1.9", "cpe:/o:ibm:vios:2.2.1.0", "cpe:/o:ibm:vios:2.2.3.52", "cpe:/o:ibm:vios:2.2.1.5", "cpe:/o:ibm:vios:2.2.2.3", "cpe:/o:ibm:vios:2.2.2.5", "cpe:/o:ibm:aix:7.1", "cpe:/o:ibm:vios:2.2.0.10", "cpe:/o:ibm:vios:2.2.3.50", "cpe:/o:ibm:vios:2.2.2.1", 
"cpe:/o:ibm:vios:2.2.1.6", "cpe:/o:ibm:vios:2.2.3.3", "cpe:/o:ibm:vios:2.2.3.2", "cpe:/o:ibm:vios:2.2.1.8", "cpe:/o:ibm:vios:2.2.3.4", "cpe:/o:ibm:vios:2.2.4.22", "cpe:/o:ibm:vios:2.2.4.0", "cpe:/o:ibm:vios:2.2.1.1", "cpe:/o:ibm:vios:2.2.1.4", "cpe:/o:ibm:aix:5.3", "cpe:/o:ibm:vios:2.2.0.13", "cpe:/o:ibm:vios:2.2.2.2", "cpe:/o:ibm:vios:2.2.3.1", "cpe:/o:ibm:aix:7.2"], "id": "CVE-2016-0266", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0266", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:ibm:vios:2.2.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.3.52:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.4.22:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.4.21:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.3.60:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.3.51:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.3.50:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.3.4:*:*:*:*:*:*:*", 
"cpe:2.3:o:ibm:vios:2.2.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.3.70:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:vios:2.2.0.10:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:07", "description": "Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.", "edition": 5, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-01-09T02:59:00", "title": "CVE-2015-7575", "type": "cve", "cwe": ["CWE-19"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7575"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:mozilla:firefox_esr:38.5.0", "cpe:/a:mozilla:firefox_esr:38.0.5", "cpe:/a:mozilla:network_security_services:3.20.1", "cpe:/a:mozilla:firefox:43.0.1", "cpe:/a:mozilla:firefox_esr:38.4.0", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:mozilla:firefox_esr:38.1.0", 
"cpe:/a:mozilla:firefox_esr:38.1.1", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:opensuse:opensuse:13.2", "cpe:/a:mozilla:firefox_esr:38.5.1", "cpe:/a:mozilla:firefox_esr:38.2.0", "cpe:/o:opensuse:leap:42.1", "cpe:/a:mozilla:firefox_esr:38.2.1", "cpe:/a:mozilla:firefox_esr:38.3.0", "cpe:/a:mozilla:firefox_esr:38.0.1", "cpe:/a:mozilla:firefox_esr:38.0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2015-7575", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7575", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:network_security_services:3.20.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:43.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.5.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2019-05-08T22:21:04", "bulletinFamily": "software", "cvelist": ["CVE-2015-7575"], "description": "\nF5 Product Development has assigned ID 560969 (BIG-IP, BIG-IQ, and Enterprise Manager), and CPF-18327, CPF-18328, CPF-18329, CPF-18330 (Traffix) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. 
Additionally, [BIG-IP iHealth](<http://http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H569457 on the **Diagnostics** > **Identified** > **Medium** screen. \n \nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 11.5.1 - 11.5.1 HF2 \n11.5.0 - 11.5.0 HF3| 12.0.0 - 12.1.0 \n11.5.1 HF3 - 11.6.0 \n11.5.0 HF4 - 11.5.0 HF7 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Medium| TLS connections \nBIG-IP AAM| 11.5.1 - 11.5.1 HF2 \n11.5.0 - 11.5.0 HF3| 12.0.0 - 12.1.0 \n11.5.1 HF3 - 11.6.0 \n11.5.0 HF4 - 11.5.0 HF7 \n11.4.0 - 11.4.1| Medium| TLS connections \nBIG-IP AFM| 11.5.1 - 11.5.1 HF2 \n11.5.0 - 11.5.0 HF3| 12.0.0 - 12.1.0 \n11.5.1 HF3 - 11.6.0 \n11.5.0 HF4 - 11.5.0 HF7 \n11.3.0 - 11.4.1| Medium| TLS connections \nBIG-IP Analytics| 11.5.1 - 11.5.1 HF2 \n11.5.0 - 11.5.0 HF3| 12.0.0 - 12.1.0 \n11.5.1 HF3 - 11.6.0 \n11.5.0 HF4 - 11.5.0 HF7 \n11.0.0 - 11.4.1| Medium| TLS connections \nBIG-IP APM| 11.5.1 - 11.5.1 HF2 \n11.5.0 - 11.5.0 HF3| 12.0.0 - 12.1.0 \n11.5.1 HF3 - 11.6.0 \n11.5.0 HF4 - 11.5.0 HF7 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Medium| TLS connections \nBIG-IP ASM| 11.5.1 - 11.5.1 HF2 \n11.5.0 - 11.5.0 HF3| 12.0.0 - 12.1.0 \n11.5.1 HF3 - 11.6.0 \n11.5.0 HF4 - 11.5.0 HF7 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Medium| TLS connections \nBIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| 11.5.1 - 11.5.1 HF2 \n11.5.0 - 11.5.0 HF3| 11.5.1 HF3 - 11.6.0 \n11.5.0 HF4 - 11.5.0 HF7 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Medium| TLS connections \nBIG-IP Link Controller| 11.5.1 - 11.5.1 HF2 \n11.5.0 - 11.5.0 HF3| 12.0.0 - 
12.1.0 \n11.5.1 HF3 - 11.6.0 \n11.5.0 HF4 - 11.5.0 HF7 \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Medium| TLS connections \nBIG-IP PEM| 11.5.1 - 11.5.1 HF2 \n11.5.0 - 11.5.0 HF3| 12.0.0 - 12.1.0 \n11.5.1 HF3 - 11.6.0 \n11.5.0 HF4 - 11.5.0 HF7 \n11.3.0 - 11.4.1| Medium| TLS connections \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.1.1 HF1 - HF2| 3.1.1, 3.1.1 HF3 - 3.1.1 HF5| Medium| TLS connections \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Medium| TLS connections \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Medium| TLS connections \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Medium| TLS connections \nBIG-IQ ADC| 4.5.0| None| Medium| TLS connections \nBIG-IQ Centralized Management| 4.6.0| None| Medium| TLS connections \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Medium| TLS connections \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| None| Medium \nLow| FEP implementing HTTPS \nWebUI\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. 
The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n**Mitigating this vulnerability**\n\nData plane\n\n_ECV monitors_: Limit traffic between the BIG-IP system and pool members, to trusted traffic.\n\nControl plane\n\n_Apache_: Limit network access to the management interface, to a secure, management-only network.\n\n_Authentication services_: Limit user authentication services to use only the BIG-IP control plane.\n\n_big3d_: Limit connections to port 4353, to trusted hosts. For more information, refer to [K13250: Overview of port lockdown behavior (10.x - 11.x)](<https://support.f5.com/csp/article/K13250>).\n\n_CMI_: Ensure that the IP address used for ConfigSync is on a trusted network. In addition, ensure that your ConfigSync self IP address is not configured with a **Port Lockdown** setting of **Allow All **(allow-service all).\n\n * [Transcript Collision Attacks: Breaking Authentication in TLS, IKE, and SSH](<http://www.mitls.org/downloads/transcript-collisions.pdf>)\n\n**Note**: The previous link takes you to a resource outside of AskF5. 
The third party could remove the document without our knowledge.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2017-10-23T20:01:00", "published": "2016-01-23T03:47:00", "id": "F5:K02201365", "href": "https://support.f5.com/csp/article/K02201365", "title": "SLOTH: TLS 1.2 handshake vulnerability CVE-2015-7575", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-28T05:23:34", "bulletinFamily": "software", "cvelist": ["CVE-2015-7575"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\n**Mitigating this vulnerability**\n\nData plane\n\n_ECV monitors_: Limit traffic between the BIG-IP system and pool members, to trusted traffic.\n\nControl plane\n\n_Apache_: Limit network access to the management interface, to a secure, management-only network.\n\n_Authentication services_: Limit user authentication services to use only the BIG-IP control plane.\n\n_big3d_: Limit connections to port 4353, to trusted hosts. 
For more information, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x - 12.x).\n\n_CMI_: Ensure that the IP address used for ConfigSync is on a trusted network. In addition, ensure that your ConfigSync self IP address is not configured with a **Port Lockdown** setting of **Allow All **(allow-service all).\n\nSupplemental Information\n\n * [Transcript Collision Attacks: Breaking Authentication in TLS, IKE, and SSH](<http://www.mitls.org/downloads/transcript-collisions.pdf>)\n\n**Note**: The previous link takes you to a resource outside of AskF5. The third party could remove the document without our knowledge.\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2016-06-01T00:00:00", "published": "2016-01-22T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/02/sol02201365.html", "id": "SOL02201365", "title": "SOL02201365 - SLOTH: TLS 1.2 handshake vulnerability CVE-2015-7575", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2020-04-07T18:44:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7575"], "description": "The remote host is missing a security patch.", "modified": "2020-04-03T00:00:00", "published": "2016-02-16T00:00:00", "id": "OPENVAS:1361412562310105549", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105549", "type": "openvas", "title": "F5 BIG-IP - SOL02201365 - SLOTH: TLS 1.2 handshake vulnerability CVE-2015-7575", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# F5 BIG-IP - SOL02201365 - SLOTH: TLS 1.2 handshake vulnerability CVE-2015-7575\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 
2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:f5:big-ip\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105549\");\n script_cve_id(\"CVE-2015-7575\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_version(\"2020-04-03T06:15:47+0000\");\n\n script_name(\"F5 BIG-IP - SOL02201365 - SLOTH: TLS 1.2 handshake vulnerability CVE-2015-7575\");\n\n script_xref(name:\"URL\", value:\"https://support.f5.com/kb/en-us/solutions/public/k/02/sol02201365.html?sr=51595235\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A flaw was found in the way TLS 1.2 uses RSA+MD5 signatures with Client Authentication and ServerKeyExchange messages during a TLS 1.2 handshakes. An attacker with a Man-in-the-Middle network position and the ability to force / observe the use of RSA+MD5 during a TLS Handshake, may be able to successfully generate a hash collision and impersonate a TLS client or server. 
The vulnerability of CVE-2015-7575 is relevant to cryptography software which supports TLS 1.2 only as earlier versions of TLS used different hash functionality in those protocols.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing a security patch.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"2020-04-03 06:15:47 +0000 (Fri, 03 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-02-16 16:20:45 +0100 (Tue, 16 Feb 2016)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"F5 Local Security Checks\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_f5_big_ip_version.nasl\");\n script_mandatory_keys(\"f5/big_ip/version\", \"f5/big_ip/active_modules\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"list_array_func.inc\");\ninclude(\"f5.inc\");\n\nif( ! 
version = get_app_version( cpe:CPE ) )\n exit( 0 );\n\ncheck_f5['LTM'] = make_array( 'affected', '11.5.1-11.5.1_HF2;11.5.0-11.5.0_HF3;',\n 'unaffected', '12.0.0-12.1.0;11.5.1_HF3-11.6.0;11.5.0_HF4-11.5.0_HF7;11.0.0-11.4.1;10.1.0-10.2.4;' );\n\ncheck_f5['AAM'] = make_array( 'affected', '11.5.1-11.5.1_HF2;11.5.0-11.5.0_HF3;',\n 'unaffected', '12.0.0-12.1.0;11.5.1_HF3-11.6.0;11.5.0_HF4-11.5.0_HF7;11.4.0-11.4.1;' );\n\ncheck_f5['AFM'] = make_array( 'affected', '11.5.1-11.5.1_HF2;11.5.0-11.5.0_HF3;',\n 'unaffected', '12.0.0-12.1.0;11.5.1_HF3-11.6.0;11.5.0_HF4-11.5.0_HF7;11.3.0-11.4.1;' );\n\ncheck_f5['AVR'] = make_array( 'affected', '11.5.1-11.5.1_HF2;11.5.0-11.5.0_HF3;',\n 'unaffected', '12.0.0-12.1.0;11.5.1_HF3-11.6.0;11.5.0_HF4-11.5.0_HF7;11.0.0-11.4.1;' );\n\ncheck_f5['APM'] = make_array( 'affected', '11.5.1-11.5.1_HF2;11.5.0-11.5.0_HF3;',\n 'unaffected', '12.0.0-12.1.0;11.5.1_HF3-11.6.0;11.5.0_HF4-11.5.0_HF7;11.0.0-11.4.1;10.1.0-10.2.4;' );\n\ncheck_f5['ASM'] = make_array( 'affected', '11.5.1-11.5.1_HF2;11.5.0-11.5.0_HF3;',\n 'unaffected', '12.0.0-12.1.0;11.5.1_HF3-11.6.0;11.5.0_HF4-11.5.0_HF7;11.0.0-11.4.1;10.1.0-10.2.4;' );\n\ncheck_f5['GTM'] = make_array( 'affected', '11.5.1-11.5.1_HF2;11.5.0-11.5.0_HF3;',\n 'unaffected', '11.5.1_HF3-11.6.0;11.5.0_HF4-11.5.0_HF7;11.0.0-11.4.1;10.1.0-10.2.4;' );\n\ncheck_f5['LC'] = make_array( 'affected', '11.5.1-11.5.1_HF2;11.5.0-11.5.0_HF3;',\n 'unaffected', '12.0.0-12.1.0;11.5.1_HF3-11.6.0;11.5.0_HF4-11.5.0_HF7;11.0.0-11.4.1;10.1.0-10.2.4;' );\n\ncheck_f5['PEM'] = make_array( 'affected', '11.5.1-11.5.1_HF2;11.5.0-11.5.0_HF3;',\n 'unaffected', '12.0.0-12.1.0;11.5.1_HF3-11.6.0;11.5.0_HF4-11.5.0_HF7;11.3.0-11.4.1;' );\n\nif( report = f5_is_vulnerable( ca:check_f5, version:version ) ) {\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7575"], 
"description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2016-01-08T00:00:00", "id": "OPENVAS:1361412562310871535", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871535", "type": "openvas", "title": "RedHat Update for nss RHSA-2016:0007-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for nss RHSA-2016:0007-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871535\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-08 06:30:12 +0100 (Fri, 08 Jan 2016)\");\n script_cve_id(\"CVE-2015-7575\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for nss RHSA-2016:0007-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nss'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Network Security Services (NSS) is a set\nof libraries designed to support the cross-platform development of\nsecurity-enabled client and server applications.\n\nA flaw was found in the way TLS 1.2 could use the MD5 hash function for\nsigning ServerKeyExchange and Client Authentication packets during a TLS\nhandshake. A man-in-the-middle attacker able to force a TLS connection to\nuse the MD5 hash function could use this flaw to conduct collision attacks\nto impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)\n\nAll nss users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
For the update to take\neffect, all services linked to the NSS library must be restarted, or the\nsystem rebooted.\");\n script_tag(name:\"affected\", value:\"nss on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0007-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-January/msg00005.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.19.1~19.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.19.1~19.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.19.1~19.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-sysinit\", rpm:\"nss-sysinit~3.19.1~19.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.19.1~19.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == 
\"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.19.1~8.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.19.1~8.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.19.1~8.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-sysinit\", rpm:\"nss-sysinit~3.19.1~8.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.19.1~8.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7575"], "description": "Oracle Linux Local Security Checks ELSA-2016-0012", "modified": "2019-03-14T00:00:00", "published": "2016-01-08T00:00:00", "id": "OPENVAS:1361412562310122815", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122815", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2016-0012", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2016-0012.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even 
the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122815\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-01-08 07:47:20 +0200 (Fri, 08 Jan 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2016-0012\");\n script_tag(name:\"insight\", value:\"ELSA-2016-0012 - gnutls security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2016-0012\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2016-0012.html\");\n script_cve_id(\"CVE-2015-7575\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if 
((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~3.3.8~14.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gnutls-c++\", rpm:\"gnutls-c++~3.3.8~14.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gnutls-dane\", rpm:\"gnutls-dane~3.3.8~14.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~3.3.8~14.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~3.3.8~14.el7_2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.8.5~19.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~2.8.5~19.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gnutls-guile\", rpm:\"gnutls-guile~2.8.5~19.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~2.8.5~19.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7575"], "description": "Check the version of nss", "modified": "2019-03-08T00:00:00", "published": "2016-01-08T00:00:00", "id": "OPENVAS:1361412562310882355", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882355", "type": "openvas", "title": "CentOS Update for nss CESA-2016:0007 centos7", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for nss CESA-2016:0007 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882355\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-08 06:30:39 +0100 (Fri, 08 Jan 2016)\");\n script_cve_id(\"CVE-2015-7575\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for nss CESA-2016:0007 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of nss\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Network Security Services (NSS) is a set\nof libraries designed to support the cross-platform development of\nsecurity-enabled client and server 
applications.\n\nA flaw was found in the way TLS 1.2 could use the MD5 hash function for\nsigning ServerKeyExchange and Client Authentication packets during a TLS\nhandshake. A man-in-the-middle attacker able to force a TLS connection to\nuse the MD5 hash function could use this flaw to conduct collision attacks\nto impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)\n\nAll nss users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the NSS library must be restarted, or the\nsystem rebooted.\");\n script_tag(name:\"affected\", value:\"nss on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0007\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-January/021602.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.19.1~19.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.19.1~19.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-pkcs11-devel\", rpm:\"nss-pkcs11-devel~3.19.1~19.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"nss-sysinit\", rpm:\"nss-sysinit~3.19.1~19.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.19.1~19.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7575"], "description": "Check the version of gnutls", "modified": "2019-03-08T00:00:00", "published": "2016-01-08T00:00:00", "id": "OPENVAS:1361412562310882366", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882366", "type": "openvas", "title": "CentOS Update for gnutls CESA-2016:0012 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gnutls CESA-2016:0012 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882366\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-08 06:31:15 +0100 (Fri, 08 Jan 2016)\");\n script_cve_id(\"CVE-2015-7575\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for gnutls CESA-2016:0012 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of gnutls\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The GnuTLS library provides support for\ncryptographic algorithms and for protocols such as Transport Layer Security (TLS).\n\nA flaw was found in the way TLS 1.2 could use the MD5 hash function for\nsigning ServerKeyExchange and Client Authentication packets during a TLS\nhandshake. A man-in-the-middle attacker able to force a TLS connection to\nuse the MD5 hash function could use this flaw to conduct collision attacks\nto impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)\n\nAll gnutls users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
For the update to take\neffect, all applications linked to the GnuTLS library must be restarted.\");\n script_tag(name:\"affected\", value:\"gnutls on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0012\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-January/021596.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.8.5~19.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~2.8.5~19.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-guile\", rpm:\"gnutls-guile~2.8.5~19.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~2.8.5~19.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7575"], "description": "Check the version of gnutls", "modified": "2019-03-08T00:00:00", "published": "2016-01-08T00:00:00", "id": "OPENVAS:1361412562310882357", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310882357", "type": "openvas", "title": "CentOS Update for gnutls CESA-2016:0012 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gnutls CESA-2016:0012 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882357\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-08 06:30:42 +0100 (Fri, 08 Jan 2016)\");\n script_cve_id(\"CVE-2015-7575\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for gnutls CESA-2016:0012 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of gnutls\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n 
script_tag(name:\"insight\", value:\"The GnuTLS library provides support for\ncryptographic algorithms and for protocols such as Transport Layer Security (TLS).\n\nA flaw was found in the way TLS 1.2 could use the MD5 hash function for\nsigning ServerKeyExchange and Client Authentication packets during a TLS\nhandshake. A man-in-the-middle attacker able to force a TLS connection to\nuse the MD5 hash function could use this flaw to conduct collision attacks\nto impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)\n\nAll gnutls users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all applications linked to the GnuTLS library must be restarted.\");\n script_tag(name:\"affected\", value:\"gnutls on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0012\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-January/021600.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~3.3.8~14.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-c++\", rpm:\"gnutls-c++~3.3.8~14.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-dane\", 
rpm:\"gnutls-dane~3.3.8~14.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~3.3.8~14.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gnutls-utils\", rpm:\"gnutls-utils~3.3.8~14.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7575"], "description": "Check the version of nss", "modified": "2019-03-08T00:00:00", "published": "2016-01-08T00:00:00", "id": "OPENVAS:1361412562310882360", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882360", "type": "openvas", "title": "CentOS Update for nss CESA-2016:0007 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for nss CESA-2016:0007 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882360\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-08 06:30:57 +0100 (Fri, 08 Jan 2016)\");\n script_cve_id(\"CVE-2015-7575\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for nss CESA-2016:0007 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of nss\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Network Security Services (NSS) is a set of\nlibraries designed to support the cross-platform development of security-enabled\nclient and server applications.\n\nA flaw was found in the way TLS 1.2 could use the MD5 hash function for\nsigning ServerKeyExchange and Client Authentication packets during a TLS\nhandshake. A man-in-the-middle attacker able to force a TLS connection to\nuse the MD5 hash function could use this flaw to conduct collision attacks\nto impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)\n\nAll nss users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
For the update to take\neffect, all services linked to the NSS library must be restarted, or the\nsystem rebooted.\");\n script_tag(name:\"affected\", value:\"nss on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0007\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-January/021594.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.19.1~8.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.19.1~8.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-pkcs11-devel\", rpm:\"nss-pkcs11-devel~3.19.1~8.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-sysinit\", rpm:\"nss-sysinit~3.19.1~8.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.19.1~8.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7575"], "description": "The remote 
host is missing an update for the 'openssl' package(s) announced via the referenced advisory.", "modified": "2018-11-23T00:00:00", "published": "2016-01-08T00:00:00", "id": "OPENVAS:1361412562310871536", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871536", "type": "openvas", "title": "RedHat Update for openssl RHSA-2016:0008-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl RHSA-2016:0008-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871536\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-08 06:30:14 +0100 (Fri, 08 Jan 2016)\");\n script_cve_id(\"CVE-2015-7575\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for openssl RHSA-2016:0008-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"OpenSSL is a toolkit that implements the\nSecure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols,\nas well as a full-strength, general purpose cryptography library.\n\nA flaw was found in the way TLS 1.2 could use the MD5 hash function for\nsigning ServerKeyExchange and Client Authentication packets during a TLS\nhandshake. A man-in-the-middle attacker able to force a TLS connection to\nuse the MD5 hash function could use this flaw to conduct collision attacks\nto impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)\n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted.\");\n script_tag(name:\"affected\", value:\"openssl on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0008-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-January/msg00006.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~51.el7_2.2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~51.el7_2.2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~51.el7_2.2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~51.el7_2.2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~42.el6_7.2\", rls:\"RHENT_6\")) != NULL)\n 
{\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.1e~42.el6_7.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~42.el6_7.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7575"], "description": "Oracle Linux Local Security Checks ELSA-2016-0008", "modified": "2019-03-14T00:00:00", "published": "2016-01-08T00:00:00", "id": "OPENVAS:1361412562310122816", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122816", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2016-0008", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2016-0008.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122816\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-01-08 07:47:20 +0200 (Fri, 08 Jan 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2016-0008\");\n script_tag(name:\"insight\", value:\"ELSA-2016-0008 - openssl security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2016-0008\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2016-0008.html\");\n script_cve_id(\"CVE-2015-7575\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~51.el7_2.2\", 
rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~51.el7_2.2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.0.1e~51.el7_2.2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~51.el7_2.2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~51.el7_2.2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.1e~42.el6_7.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.0.1e~42.el6_7.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.0.1e~42.el6_7.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"openssl-static\", rpm:\"openssl-static~1.0.1e~42.el6_7.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-07-19T22:11:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7575"], "description": "This host has Mozilla\n Firefox installed and is prone to a spoofing vulnerability.", "modified": "2019-07-17T00:00:00", "published": "2016-01-14T00:00:00", "id": "OPENVAS:1361412562310806953", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806953", "type": "openvas", "title": "Mozilla Firefox Spoofing Vulnerability - 
Jan16 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mozilla Firefox Spoofing Vulnerability - Jan16 (Mac OS X)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:firefox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806953\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2015-7575\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-01-14 10:52:36 +0530 (Thu, 14 Jan 2016)\");\n script_name(\"Mozilla Firefox Spoofing Vulnerability - Jan16 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Mozilla\n Firefox and is prone to spoofing vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to\n 
Network Security Services (NSS) does not reject MD5 signatures in Server Key\n Exchange messages in TLS 1.2 Handshake Protocol traffic.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n man-in-the-middle attackers to spoof servers by triggering a collision.\");\n\n script_tag(name:\"affected\", value:\"Mozilla Firefox version before 43.0.2 on\n Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Mozilla Firefox version 43.0.2\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-150/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Mozilla/Firefox/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!ffVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ffVer, test_version:\"43.0.2\"))\n{\n report = 'Installed version: ' + ffVer + '\\n' +\n 'Fixed version: ' + \"43.0.2\" + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2021-01-06T09:17:46", "description": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS\nprotocol could allow weaker than expected security caused by a\ncollision attack when using the MD5 hash function for signing a\nServerKeyExchange message during a TLS handshake. An attacker could\nexploit this vulnerability using man-in-the-middle techniques to\nimpersonate a TLS server and obtain credentials. 
IBM AIX does not\nrequire the newest version of TLS by default which could allow a\nremote attacker to obtain sensitive information using man in the\nmiddle techniques.", "edition": 26, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2016-10-21T00:00:00", "title": "AIX 5.3 TL 12 : nettcp (IV88960) (SLOTH)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0266", "CVE-2015-7575"], "modified": "2016-10-21T00:00:00", "cpe": ["cpe:/o:ibm:aix:5.3"], "id": "AIX_IV88960.NASL", "href": "https://www.tenable.com/plugins/nessus/94181", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory nettcp_advisory2.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94181);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-7575\", \"CVE-2016-0266\");\n\n script_name(english:\"AIX 5.3 TL 12 : nettcp (IV88960) (SLOTH)\");\n script_summary(english:\"Check for APAR IV88960\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS\nprotocol could allow weaker than expected security caused by a\ncollision attack when using the MD5 hash function for signing a\nServerKeyExchange message during a TLS handshake. An attacker could\nexploit this vulnerability using man-in-the-middle techniques to\nimpersonate a TLS server and obtain credentials. 
IBM AIX does not\nrequire the newest version of TLS by default which could allow a\nremote attacker to obtain sensitive information using man in the\nmiddle techniques.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/nettcp_advisory2.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/26\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"5.3\", ml:\"12\", sp:\"09\", patch:\"IV88960m9a\", package:\"bos.net.tcp.client\", minfilesetver:\"5.3.12.0\", maxfilesetver:\"5.3.12.10\") < 0) flag++;\nif (aix_check_ifix(release:\"5.3\", ml:\"12\", sp:\"09\", patch:\"IV88960m9a\", package:\"bos.net.tcp.server\", minfilesetver:\"5.3.12.0\", maxfilesetver:\"5.3.12.6\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-06T09:17:45", "description": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS\nprotocol could allow weaker than expected security caused by a\ncollision attack when using the MD5 hash function for signing a\nServerKeyExchange message during a TLS handshake. An attacker could\nexploit this vulnerability using man-in-the-middle techniques to\nimpersonate a TLS server and obtain credentials. 
IBM AIX does not\nrequire the newest version of TLS by default which could allow a\nremote attacker to obtain sensitive information using man in the\nmiddle techniques.", "edition": 26, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2016-10-21T00:00:00", "title": "AIX 6.1 TL 9 : nettcp (IV78625) (SLOTH)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0266", "CVE-2015-7575"], "modified": "2016-10-21T00:00:00", "cpe": ["cpe:/o:ibm:aix:6.1"], "id": "AIX_IV78625.NASL", "href": "https://www.tenable.com/plugins/nessus/94170", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory nettcp_advisory2.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94170);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-7575\", \"CVE-2016-0266\");\n\n script_name(english:\"AIX 6.1 TL 9 : nettcp (IV78625) (SLOTH)\");\n script_summary(english:\"Check for APAR IV78625\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS\nprotocol could allow weaker than expected security caused by a\ncollision attack when using the MD5 hash function for signing a\nServerKeyExchange message during a TLS handshake. An attacker could\nexploit this vulnerability using man-in-the-middle techniques to\nimpersonate a TLS server and obtain credentials. 
IBM AIX does not\nrequire the newest version of TLS by default which could allow a\nremote attacker to obtain sensitive information using man in the\nmiddle techniques.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/nettcp_advisory2.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/26\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"6.1\", ml:\"09\", sp:\"05\", patch:\"IV78625m5a\", package:\"bos.net.tcp.client\", minfilesetver:\"6.1.9.0\", maxfilesetver:\"6.1.9.102\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", ml:\"09\", sp:\"05\", patch:\"IV78625m5a\", package:\"bos.net.tcp.server\", minfilesetver:\"6.1.9.0\", maxfilesetver:\"6.1.9.101\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-06T09:17:45", "description": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS\nprotocol could allow weaker than expected security caused by a\ncollision attack when using the MD5 hash function for signing a\nServerKeyExchange message during a TLS handshake. An attacker could\nexploit this vulnerability using man-in-the-middle techniques to\nimpersonate a TLS server and obtain credentials. 
IBM AIX does not\nrequire the newest version of TLS by default which could allow a\nremote attacker to obtain sensitive information using man in the\nmiddle techniques.", "edition": 26, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2016-10-21T00:00:00", "title": "AIX 6.1 TL 9 : nettcp (IV79072) (SLOTH)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0266", "CVE-2015-7575"], "modified": "2016-10-21T00:00:00", "cpe": ["cpe:/o:ibm:aix:6.1"], "id": "AIX_IV79072.NASL", "href": "https://www.tenable.com/plugins/nessus/94173", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory nettcp_advisory2.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94173);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-7575\", \"CVE-2016-0266\");\n\n script_name(english:\"AIX 6.1 TL 9 : nettcp (IV79072) (SLOTH)\");\n script_summary(english:\"Check for APAR IV79072\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS\nprotocol could allow weaker than expected security caused by a\ncollision attack when using the MD5 hash function for signing a\nServerKeyExchange message during a TLS handshake. An attacker could\nexploit this vulnerability using man-in-the-middle techniques to\nimpersonate a TLS server and obtain credentials. 
IBM AIX does not\nrequire the newest version of TLS by default which could allow a\nremote attacker to obtain sensitive information using man in the\nmiddle techniques.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/nettcp_advisory2.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/26\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"6.1\", ml:\"09\", sp:\"05\", patch:\"IV79072s5a\", package:\"bos.net.tcp.client\", minfilesetver:\"6.1.9.0\", maxfilesetver:\"6.1.9.102\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", ml:\"09\", sp:\"05\", patch:\"IV79072s5a\", package:\"bos.net.tcp.server\", minfilesetver:\"6.1.9.0\", maxfilesetver:\"6.1.9.101\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", ml:\"09\", sp:\"06\", patch:\"IV79072s6a\", package:\"bos.net.tcp.client\", minfilesetver:\"6.1.9.0\", maxfilesetver:\"6.1.9.102\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", ml:\"09\", sp:\"06\", patch:\"IV79072s6a\", package:\"bos.net.tcp.server\", minfilesetver:\"6.1.9.0\", maxfilesetver:\"6.1.9.101\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-06T09:18:28", "description": "The version of bind installed on the remote AIX host is affected by\nthe following vulnerabilities :\n\n - The TLS protocol allows weaker than expected security caused by a\n collision attack when using the MD5 hash function for signing a\n ServerKeyExchange message during a TLS handshake. An attacker can\n exploit this vulnerability using man-in-the-middle techniques to\n impersonate a TLS server and obtain credentials. (CVE-2015-7575)\n\n - IBM AIX does not require the newest version of TLS by default\n which allows a remote attacker to obtain sensitive information\n using man in the middle techniques. 
(CVE-2016-0266)", "edition": 31, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2017-10-24T00:00:00", "title": "AIX bind Advisory : nettcp_advisory2.asc (IV86116) (IV86117) (IV86118) (IV86119) (IV86120) (IV86132)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0266", "CVE-2015-7575"], "modified": "2017-10-24T00:00:00", "cpe": ["cpe:/a:isc:bind", "cpe:/o:ibm:aix"], "id": "AIX_BIND_NETTCP_ADVISORY2.NASL", "href": "https://www.tenable.com/plugins/nessus/104123", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104123);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-7575\", \"CVE-2016-0266\");\n script_bugtraq_id(79684, 92150);\n\n script_name(english:\"AIX bind Advisory : nettcp_advisory2.asc (IV86116) (IV86117) (IV86118) (IV86119) (IV86120) (IV86132)\");\n script_summary(english:\"Checks the version of the bind packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AIX host has a version of bind installed that is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of bind installed on the remote AIX host is affected by\nthe following vulnerabilities :\n\n - The TLS protocol allows weaker than expected security caused by a\n collision attack when using the MD5 hash function for signing a\n ServerKeyExchange message during a TLS handshake. An attacker can\n exploit this vulnerability using man-in-the-middle techniques to\n impersonate a TLS server and obtain credentials. (CVE-2015-7575)\n\n - IBM AIX does not require the newest version of TLS by default\n which allows a remote attacker to obtain sensitive information\n using man in the middle techniques. 
(CVE-2016-0266)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/nettcp_advisory2.asc\");\n script_set_attribute(attribute:\"solution\", value:\n\"A fix is available and can be downloaded from the IBM AIX website.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:isc:bind\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"AIX Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\ninclude(\"aix.inc\");\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\noslevel = get_kb_item(\"Host/AIX/version\");\nif (isnull(oslevel)) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\noslevel = oslevel - \"AIX-\";\n\noslevelcomplete = chomp(get_kb_item(\"Host/AIX/oslevelsp\"));\nif (isnull(oslevelcomplete)) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\noslevelparts = split(oslevelcomplete, sep:'-', keep:0);\nif ( max_index(oslevelparts) != 4 ) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\nml = oslevelparts[1];\nsp = oslevelparts[2];\n\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This AIX package check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\naix_bind_vulns = {\n \"5.3\": {\n \"12\": {\n \"09\": {\n \"bos.net.tcp.client\": {\n \"minfilesetver\":\"5.3.12.0\",\n \"maxfilesetver\":\"5.3.12.10\",\n \"patch\":\"(IV90056m9a|IV91253m9b|IV93366m9a|IV88957m9a|IV98825m9a)\"\n },\n \"bos.net.tcp.server\": {\n \"minfilesetver\":\"5.3.12.0\",\n \"maxfilesetver\":\"5.3.12.6\",\n \"patch\":\"(IV90056m9a|IV91253m9b|IV93366m9a|IV88957m9a|IV98825m9a)\"\n }\n }\n }\n },\n \"6.1\": {\n \"09\": {\n \"05\": {\n \"bos.net.tcp.client\": {\n \"minfilesetver\":\"6.1.9.0\",\n \"maxfilesetver\":\"6.1.9.102\",\n \"patch\":\"(IV89828m5a|IV79071m5a)\"\n },\n \"bos.net.tcp.server\": {\n \"minfilesetver\":\"6.1.9.0\",\n \"maxfilesetver\":\"6.1.9.101\",\n \"patch\":\"(IV89828m5a|IV79071m5a)\"\n }\n },\n \"06\": {\n \"bos.net.tcp.client\": {\n \"minfilesetver\":\"6.1.9.0\",\n \"maxfilesetver\":\"6.1.9.102\",\n \"patch\":\"(IV89828m6a|IV91254m6b|IV93361m8a|IV79071m6a)\"\n },\n \"bos.net.tcp.server\": {\n \"minfilesetver\":\"6.1.9.0\",\n \"maxfilesetver\":\"6.1.9.101\",\n \"patch\":\"(IV89828m6a|IV91254m6b|IV93361m8a|IV79071m6a)\"\n }\n },\n \"07\": {\n \"bos.net.tcp.client\": {\n \"minfilesetver\":\"6.1.9.0\",\n \"maxfilesetver\":\"6.1.9.102\",\n 
\"patch\":\"(IV89828m7a|IV91254m7b|IV93361m8a|IV98826m9a|IV86116m7a)\"\n },\n \"bos.net.tcp.server\": {\n \"minfilesetver\":\"6.1.9.0\",\n \"maxfilesetver\":\"6.1.9.101\",\n \"patch\":\"(IV89828m7a|IV91254m7b|IV93361m8a|IV98826m9a|IV86116m7a)\"\n }\n }\n }\n },\n \"7.1\": {\n \"03\": {\n \"05\": {\n \"bos.net.tcp.client\": {\n \"minfilesetver\":\"7.1.3.0\",\n \"maxfilesetver\":\"7.1.3.47\",\n \"patch\":\"(IV89830m5a|IV91214m5b|IV82331m5a)\"\n },\n \"bos.net.tcp.server\": {\n \"minfilesetver\":\"7.1.3.0\",\n \"maxfilesetver\":\"7.1.3.47\",\n \"patch\":\"(IV89830m5a|IV91214m5b|IV82331m5a)\"\n }\n },\n \"06\": {\n \"bos.net.tcp.client\": {\n \"minfilesetver\":\"7.1.3.0\",\n \"maxfilesetver\":\"7.1.3.47\",\n \"patch\":\"(IV89830m6d|IV91214m6a|IV93362m8a|IV82331m6a)\"\n },\n \"bos.net.tcp.server\": {\n \"minfilesetver\":\"7.1.3.0\",\n \"maxfilesetver\":\"7.1.3.47\",\n \"patch\":\"(IV89830m6d|IV91214m6a|IV93362m8a|IV82331m6a)\"\n }\n },\n \"07\": {\n \"bos.net.tcp.client\": {\n \"minfilesetver\":\"7.1.3.0\",\n \"maxfilesetver\":\"7.1.3.47\",\n \"patch\":\"(IV89830m7a|IV91214m7b|IV93362m8a|IV98827m3a|IV86117m7a)\"\n },\n \"bos.net.tcp.server\": {\n \"minfilesetver\":\"7.1.3.0\",\n \"maxfilesetver\":\"7.1.3.47\",\n \"patch\":\"(IV89830m7a|IV91214m7b|IV93362m8a|IV98827m3a|IV86117m7a)\"\n }\n }\n },\n \"04\": {\n \"00\": {\n \"bos.net.tcp.client\": {\n \"minfilesetver\":\"7.1.4.0\",\n \"maxfilesetver\":\"7.1.4.1\",\n \"patch\":\"(IV89829m1a|IV86118m2a)\"\n },\n \"bos.net.tcp.server\": {\n \"minfilesetver\":\"7.1.4.0\",\n \"maxfilesetver\":\"7.1.4.1\",\n \"patch\":\"(IV89829m1a|IV86118m2a)\"\n }\n },\n \"01\": {\n \"bos.net.tcp.client\": {\n \"minfilesetver\":\"7.1.4.0\",\n \"maxfilesetver\":\"7.1.4.1\",\n \"patch\":\"(IV89829m1a|IV91255m1b|IV93363m3a|IV86118m2a)\"\n },\n \"bos.net.tcp.server\": {\n \"minfilesetver\":\"7.1.4.0\",\n \"maxfilesetver\":\"7.1.4.1\",\n \"patch\":\"(IV89829m1a|IV91255m1b|IV93363m3a|IV86118m2a)\"\n }\n },\n \"02\": {\n \"bos.net.tcp.client\": {\n 
\"minfilesetver\":\"7.1.4.0\",\n \"maxfilesetver\":\"7.1.4.1\",\n \"patch\":\"(IV89829m2a|IV91255m2a|IV93363m3a|IV86118m2a|IV98828m4a)\"\n },\n \"bos.net.tcp.server\": {\n \"minfilesetver\":\"7.1.4.0\",\n \"maxfilesetver\":\"7.1.4.1\",\n \"patch\":\"(IV89829m2a|IV91255m2a|IV93363m3a|IV86118m2a|IV98828m4a)\"\n }\n }\n }\n }\n};\n\nversion_report = \"AIX \" + oslevel;\nif ( empty_or_null(aix_bind_vulns[oslevel]) ) {\n os_options = join( sort( keys(aix_bind_vulns) ), sep:' / ' );\n audit(AUDIT_OS_NOT, os_options, version_report);\n}\n\nversion_report = version_report + \" ML \" + ml;\nif ( empty_or_null(aix_bind_vulns[oslevel][ml]) ) {\n ml_options = join( sort( keys(aix_bind_vulns[oslevel]) ), sep:' / ' );\n audit(AUDIT_OS_NOT, \"ML \" + ml_options, version_report);\n}\n\nversion_report = version_report + \" SP \" + sp;\nif ( empty_or_null(aix_bind_vulns[oslevel][ml][sp]) ) {\n sp_options = join( sort( keys(aix_bind_vulns[oslevel][ml]) ), sep:' / ' );\n audit(AUDIT_OS_NOT, \"SP \" + sp_options, version_report);\n}\n\nforeach package ( keys(aix_bind_vulns[oslevel][ml][sp]) ) {\n package_info = aix_bind_vulns[oslevel][ml][sp][package];\n minfilesetver = package_info[\"minfilesetver\"];\n maxfilesetver = package_info[\"maxfilesetver\"];\n patch = package_info[\"patch\"];\n if (aix_check_ifix(release:oslevel, ml:ml, sp:sp, patch:patch, package:package, minfilesetver:minfilesetver, maxfilesetver:maxfilesetver) < 0) flag++;\n}\n\nif (flag)\n{\n aix_report_extra = ereg_replace(string:aix_report_get(), pattern:\"[()]\", replace:\"\");\n aix_report_extra = ereg_replace(string:aix_report_extra, pattern:\"[|]\", replace:\" or \");\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : aix_report_extra\n );\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bos.net.tcp.client / bos.net.tcp.server\");\n}\n", "cvss": {"score": 4.3, "vector": 
"AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-10-29T13:36:30", "edition": 6, "description": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. IBM AIX does not require the newest version of TLS by default which could allow a remote attacker to obtain sensitive information using man in the middle techniques.\n\nThis plugin has been deprecated to better accommodate iFix supersedence with a forthcoming replacement plugin.", "published": "2016-10-21T00:00:00", "type": "nessus", "title": "AIX 5.3 TL 12 : nettcp (IV88957) (SLOTH) (deprecated)", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0266", "CVE-2015-7575"], "modified": "2017-10-11T00:00:00", "cpe": ["cpe:/o:ibm:aix:5.3"], "href": "https://www.tenable.com/plugins/index.php?view=single&id=94179", "id": "AIX_IV88957.NASL", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory nettcp_advisory2.asc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2017/10/09. 
A replacement plugin is forthcoming.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94179);\n script_version(\"$Revision: 2.4 $\");\n script_cvs_date(\"$Date: 2017/10/11 14:39:08 $\");\n\n script_cve_id(\"CVE-2015-7575\", \"CVE-2016-0266\");\n\n script_name(english:\"AIX 5.3 TL 12 : nettcp (IV88957) (SLOTH) (deprecated)\");\n script_summary(english:\"Check for APAR IV88957\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS\nprotocol could allow weaker than expected security caused by a\ncollision attack when using the MD5 hash function for signing a\nServerKeyExchange message during a TLS handshake. An attacker could\nexploit this vulnerability using man-in-the-middle techniques to\nimpersonate a TLS server and obtain credentials. IBM AIX does not\nrequire the newest version of TLS by default which could allow a\nremote attacker to obtain sensitive information using man in the\nmiddle techniques.\n\nThis plugin has been deprecated to better accommodate iFix\nsupersedence with a forthcoming replacement plugin.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/nettcp_advisory2.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/26\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. A replacement plugin is forthcoming.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"5.3\", ml:\"12\", sp:\"09\", patch:\"IV88957m9a\", package:\"bos.net.tcp.client\", minfilesetver:\"5.3.12.0\", maxfilesetver:\"5.3.12.10\") < 0) flag++;\nif (aix_check_ifix(release:\"5.3\", ml:\"12\", sp:\"09\", patch:\"IV88957m9a\", package:\"bos.net.tcp.server\", minfilesetver:\"5.3.12.0\", maxfilesetver:\"5.3.12.6\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2021-01-06T09:17:45", "description": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS\nprotocol could allow weaker than expected security caused by a\ncollision attack when using the MD5 hash function for signing a\nServerKeyExchange message during a TLS 
handshake. An attacker could\nexploit this vulnerability using man-in-the-middle techniques to\nimpersonate a TLS server and obtain credentials. IBM AIX does not\nrequire the newest version of TLS by default which could allow a\nremote attacker to obtain sensitive information using man in the\nmiddle techniques.", "edition": 27, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2016-07-27T00:00:00", "title": "AIX 7.2 TL 0 : nettcp (IV86119) (SLOTH)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0266", "CVE-2015-7575"], "modified": "2016-07-27T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.2"], "id": "AIX_IV86119.NASL", "href": "https://www.tenable.com/plugins/nessus/92563", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory nettcp_advisory2.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92563);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-7575\", \"CVE-2016-0266\");\n\n script_name(english:\"AIX 7.2 TL 0 : nettcp (IV86119) (SLOTH)\");\n script_summary(english:\"Check for APAR IV86119\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS\nprotocol could allow weaker than expected security caused by a\ncollision attack when using the MD5 hash function for signing a\nServerKeyExchange message during a TLS handshake. An attacker could\nexploit this vulnerability using man-in-the-middle techniques to\nimpersonate a TLS server and obtain credentials. 
IBM AIX does not\nrequire the newest version of TLS by default which could allow a\nremote attacker to obtain sensitive information using man in the\nmiddle techniques.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/nettcp_advisory2.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/26\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.2\", ml:\"00\", patch:\"IV86119s0a\", package:\"bos.net.tcp.imapd\", minfilesetver:\"7.2.0.0\", maxfilesetver:\"7.2.0.0\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"00\", patch:\"IV86119s0a\", package:\"bos.net.tcp.pop3d\", minfilesetver:\"7.2.0.0\", maxfilesetver:\"7.2.0.0\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"00\", patch:\"IV86119s0a\", package:\"bos.net.tcp.sendmail\", minfilesetver:\"7.2.0.0\", maxfilesetver:\"7.2.0.0\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-06T09:17:46", "description": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS\nprotocol could allow weaker than expected security caused by a\ncollision attack when using the MD5 hash function for signing a\nServerKeyExchange message during a TLS handshake. An attacker could\nexploit this vulnerability using man-in-the-middle techniques to\nimpersonate a TLS server and obtain credentials. 
IBM AIX does not\nrequire the newest version of TLS by default which could allow a\nremote attacker to obtain sensitive information using man in the\nmiddle techniques.", "edition": 26, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2016-10-21T00:00:00", "title": "AIX 5.3 TL 12 : nettcp (IV88959) (SLOTH)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0266", "CVE-2015-7575"], "modified": "2016-10-21T00:00:00", "cpe": ["cpe:/o:ibm:aix:5.3"], "id": "AIX_IV88959.NASL", "href": "https://www.tenable.com/plugins/nessus/94180", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory nettcp_advisory2.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94180);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-7575\", \"CVE-2016-0266\");\n\n script_name(english:\"AIX 5.3 TL 12 : nettcp (IV88959) (SLOTH)\");\n script_summary(english:\"Check for APAR IV88959\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS\nprotocol could allow weaker than expected security caused by a\ncollision attack when using the MD5 hash function for signing a\nServerKeyExchange message during a TLS handshake. An attacker could\nexploit this vulnerability using man-in-the-middle techniques to\nimpersonate a TLS server and obtain credentials. 
IBM AIX does not\nrequire the newest version of TLS by default which could allow a\nremote attacker to obtain sensitive information using man in the\nmiddle techniques.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/nettcp_advisory2.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/26\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"5.3\", ml:\"12\", sp:\"09\", patch:\"IV88959m9a\", package:\"bos.net.tcp.client\", minfilesetver:\"5.3.12.0\", maxfilesetver:\"5.3.12.10\") < 0) flag++;\nif (aix_check_ifix(release:\"5.3\", ml:\"12\", sp:\"09\", patch:\"IV88959m9a\", package:\"bos.net.tcp.server\", minfilesetver:\"5.3.12.0\", maxfilesetver:\"5.3.12.6\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-06T09:17:45", "description": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS\nprotocol could allow weaker than expected security caused by a\ncollision attack when using the MD5 hash function for signing a\nServerKeyExchange message during a TLS handshake. An attacker could\nexploit this vulnerability using man-in-the-middle techniques to\nimpersonate a TLS server and obtain credentials. 
IBM AIX does not\nrequire the newest version of TLS by default which could allow a\nremote attacker to obtain sensitive information using man in the\nmiddle techniques.", "edition": 26, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2016-10-21T00:00:00", "title": "AIX 7.1 TL 3 : nettcp (IV82330) (SLOTH)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0266", "CVE-2015-7575"], "modified": "2016-10-21T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.1"], "id": "AIX_IV82330.NASL", "href": "https://www.tenable.com/plugins/nessus/94176", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory nettcp_advisory2.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94176);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-7575\", \"CVE-2016-0266\");\n\n script_name(english:\"AIX 7.1 TL 3 : nettcp (IV82330) (SLOTH)\");\n script_summary(english:\"Check for APAR IV82330\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS\nprotocol could allow weaker than expected security caused by a\ncollision attack when using the MD5 hash function for signing a\nServerKeyExchange message during a TLS handshake. An attacker could\nexploit this vulnerability using man-in-the-middle techniques to\nimpersonate a TLS server and obtain credentials. 
IBM AIX does not\nrequire the newest version of TLS by default which could allow a\nremote attacker to obtain sensitive information using man in the\nmiddle techniques.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/nettcp_advisory2.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/26\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.1\", ml:\"03\", sp:\"05\", patch:\"IV82330m5a\", package:\"bos.net.tcp.client\", minfilesetver:\"7.1.3.0\", maxfilesetver:\"7.1.3.47\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"03\", sp:\"05\", patch:\"IV82330m5a\", package:\"bos.net.tcp.server\", minfilesetver:\"7.1.3.0\", maxfilesetver:\"7.1.3.47\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"03\", sp:\"06\", patch:\"IV82330m6a\", package:\"bos.net.tcp.client\", minfilesetver:\"7.1.3.0\", maxfilesetver:\"7.1.3.47\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"03\", sp:\"06\", patch:\"IV82330m6a\", package:\"bos.net.tcp.server\", minfilesetver:\"7.1.3.0\", maxfilesetver:\"7.1.3.47\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-06T09:17:45", "description": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS\nprotocol could allow weaker than expected security caused by a\ncollision attack when using the MD5 hash function for signing a\nServerKeyExchange message during a TLS handshake. An attacker could\nexploit this vulnerability using man-in-the-middle techniques to\nimpersonate a TLS server and obtain credentials. 
IBM AIX does not\nrequire the newest version of TLS by default which could allow a\nremote attacker to obtain sensitive information using man in the\nmiddle techniques.", "edition": 26, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2016-10-21T00:00:00", "title": "AIX 7.1 TL 3 : nettcp (IV82328) (SLOTH)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0266", "CVE-2015-7575"], "modified": "2016-10-21T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.1"], "id": "AIX_IV82328.NASL", "href": "https://www.tenable.com/plugins/nessus/94175", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory nettcp_advisory2.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94175);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-7575\", \"CVE-2016-0266\");\n\n script_name(english:\"AIX 7.1 TL 3 : nettcp (IV82328) (SLOTH)\");\n script_summary(english:\"Check for APAR IV82328\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS\nprotocol could allow weaker than expected security caused by a\ncollision attack when using the MD5 hash function for signing a\nServerKeyExchange message during a TLS handshake. An attacker could\nexploit this vulnerability using man-in-the-middle techniques to\nimpersonate a TLS server and obtain credentials. 
IBM AIX does not\nrequire the newest version of TLS by default which could allow a\nremote attacker to obtain sensitive information using man in the\nmiddle techniques.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/nettcp_advisory2.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/26\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.1\", ml:\"03\", sp:\"05\", patch:\"IV82328m5a\", package:\"bos.net.tcp.client\", minfilesetver:\"7.1.3.0\", maxfilesetver:\"7.1.3.47\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"03\", sp:\"05\", patch:\"IV82328m5a\", package:\"bos.net.tcp.server\", minfilesetver:\"7.1.3.0\", maxfilesetver:\"7.1.3.47\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"03\", sp:\"06\", patch:\"IV82328m6a\", package:\"bos.net.tcp.client\", minfilesetver:\"7.1.3.0\", maxfilesetver:\"7.1.3.47\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"03\", sp:\"06\", patch:\"IV82328m6a\", package:\"bos.net.tcp.server\", minfilesetver:\"7.1.3.0\", maxfilesetver:\"7.1.3.47\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-06T09:17:45", "description": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS\nprotocol could allow weaker than expected security caused by a\ncollision attack when using the MD5 hash function for signing a\nServerKeyExchange message during a TLS handshake. An attacker could\nexploit this vulnerability using man-in-the-middle techniques to\nimpersonate a TLS server and obtain credentials. 
IBM AIX does not\nrequire the newest version of TLS by default which could allow a\nremote attacker to obtain sensitive information using man in the\nmiddle techniques.", "edition": 26, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2016-10-21T00:00:00", "title": "AIX 7.1 TL 3 : nettcp (IV82412) (SLOTH)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0266", "CVE-2015-7575"], "modified": "2016-10-21T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.1"], "id": "AIX_IV82412.NASL", "href": "https://www.tenable.com/plugins/nessus/94178", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory nettcp_advisory2.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94178);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-7575\", \"CVE-2016-0266\");\n\n script_name(english:\"AIX 7.1 TL 3 : nettcp (IV82412) (SLOTH)\");\n script_summary(english:\"Check for APAR IV82412\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575 The TLS\nprotocol could allow weaker than expected security caused by a\ncollision attack when using the MD5 hash function for signing a\nServerKeyExchange message during a TLS handshake. An attacker could\nexploit this vulnerability using man-in-the-middle techniques to\nimpersonate a TLS server and obtain credentials. 
IBM AIX does not\nrequire the newest version of TLS by default which could allow a\nremote attacker to obtain sensitive information using man in the\nmiddle techniques.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/nettcp_advisory2.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/26\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.1\", ml:\"03\", sp:\"05\", patch:\"IV82412s5a\", package:\"bos.net.tcp.client\", minfilesetver:\"7.1.3.0\", maxfilesetver:\"7.1.3.47\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"03\", sp:\"05\", patch:\"IV82412s5a\", package:\"bos.net.tcp.server\", minfilesetver:\"7.1.3.0\", maxfilesetver:\"7.1.3.47\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"03\", sp:\"06\", patch:\"IV82412s6a\", package:\"bos.net.tcp.client\", minfilesetver:\"7.1.3.0\", maxfilesetver:\"7.1.3.47\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"03\", sp:\"06\", patch:\"IV82412s6a\", package:\"bos.net.tcp.server\", minfilesetver:\"7.1.3.0\", maxfilesetver:\"7.1.3.47\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "aix": [{"lastseen": "2019-09-13T07:31:28", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0266"], "description": "\nIBM SECURITY ADVISORY\n\nFirst Issued: Fri Dec 2 15:01:37 CST 2016 \n|Updated: Mon May 1 16:30:43 CDT 2017\n|Update: Bulletin updated to include ifix for AIX level 7.1.3\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/pconsole_advisory2.asc\nhttps://aix.software.ibm.com/aix/efixes/security/pconsole_advisory2.asc\nftp://aix.software.ibm.com/aix/efixes/security/pconsole_advisory2.asc\n\n\nSecurity Bulletin: Vulnerability in pConsole impacts AIX (CVE-2016-0266)\n\n\n===============================================================================\n\nSUMMARY:\n\n pConsole on AIX does not support TLS 
1.2.\n\n\n===============================================================================\n\nVULNERABILITY DETAILS:\n\n CVEID: CVE-2016-0266\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0266\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0266\n DESCRIPTION: IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default \n to the latest TLS version, which makes it easier for man-in-the-middle \n attackers to obtain sensitive information via unspecified vectors. \n CVSS Base Score: 3.7\n CVSS Temporal Score: See \n https://exchange.xforce.ibmcloud.com/vulnerabilities/110911 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n \n\n AFFECTED PRODUCTS AND VERSIONS:\n \n AIX 6.1, 7.1\n\n The following fileset levels are vulnerable:\n \n key_fileset = aix\n\n Fileset Lower Level Upper Level KEY \n ---------------------------------------------------------\n sysmgt.pconsole.rte 6.1.9.0 6.1.9.100 key_w_fs\n | sysmgt.pconsole.rte 7.1.3.0 7.1.3.99 key_w_fs\n sysmgt.pconsole.rte 7.1.4.0 7.1.4.0 key_w_fs\n \n Note: To find out whether the affected filesets are installed \n on your systems, refer to the lslpp command found in the AIX\n user's guide.\n\n Example: lslpp -L | grep -i sysmgt.pconsole.rte\n\n REMEDIATION:\n\n A. APARS\n \n IBM has assigned the following APARs to this problem:\n\n AIX Level APAR Availability SP KEY\n ------------------------------------------------\n 6.1.9 IV89739 11/11/16 SP8 key_w_apar\n | 7.1.3 IV93624 N/A N/A key_w_apar\n 7.1.4 IV89737 11/11/16 SP3 key_w_apar\n\n Note:\n\n AIX 6.1.9.5 and below are impacted, but iFixes are\n not available. 
Recommended remediation for AIX 6.1.9.5 and below\n is to upgrade to a fixed TL/SP.\n\n\n Subscribe to the APARs here:\n\n https://www.ibm.com/support/docview.wss?uid=isg1IV89739\n https://www.ibm.com/support/docview.wss?uid=isg1IV93624\n https://www.ibm.com/support/docview.wss?uid=isg1IV89737\n\n By subscribing, you will receive periodic email alerting you\n to the status of the APAR, and a link to download the fix once\n it becomes available.\n\n B. FIXES\n\n Fixes are available.\n\n The fixes can be downloaded via ftp or http from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/pconsole_fix2.tar\n http://aix.software.ibm.com/aix/efixes/security/pconsole_fix2.tar\n https://aix.software.ibm.com/aix/efixes/security/pconsole_fix2.tar \n\n The links above are to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. This will\n enforce the correct mapping between the fixes and AIX\n Technology Levels.\n \n AIX Level Interim Fix (*.Z) KEY\n ----------------------------------------------\n 6.1.9.6 IV89739s7a.161024.epkg.Z key_w_fix \n 6.1.9.7 IV89739s7a.161024.epkg.Z key_w_fix\n | 7.1.3.7 IV93624s3b.170308.epkg.Z key_w_fix\n | 7.1.3.8 IV93624s3b.170308.epkg.Z key_w_fix\n | 7.1.3.9 IV93624s3b.170308.epkg.Z key_w_fix\n 7.1.4.0 IV89737s2a.161024.epkg.Z key_w_fix \n 7.1.4.1 IV89737s2a.161024.epkg.Z key_w_fix\n 7.1.4.2 IV89737s2a.161024.epkg.Z key_w_fix\n\n Please note that the above table refers to AIX TL/SP level as\n opposed to fileset level, i.e., 7.1.4.1 is AIX 7100-04-01.\n\n To extract the fixes from the tar file:\n\n tar xvf pconsole_fix2.tar\n cd pconsole_fix2 \n\n Verify you have retrieved the fixes intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 <filename>\" command as the following:\n\n openssl dgst -sha256 filename KEY\n -----------------------------------------------------------------------------------------------------\n 
f27d8c51a81b87512253fd3600e6a11a4b4fd084f8d7db2bfd2102e199f0c19b IV89737s2a.161024.epkg.Z key_w_csum\n | 0db6c9f3b964b5f43bf6d1c6b654b96f817a2753b4432e39c303d342d829a7a0 IV93624s3b.170308.epkg.Z key_w_csum\n 9ada0e539df3e862b9f82d2d67dd3ab78be4a15d6c78dfec5f3d2e5a5a1c78c0 IV89739s7a.161024.epkg.Z key_w_csum\n\n These sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. If the sums or signatures cannot be\n confirmed, contact IBM AIX Security at\n security-alert@austin.ibm.com and describe the discrepancy.\n \n openssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n \n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n\n Published advisory OpenSSL signature file location:\n \n http://aix.software.ibm.com/aix/efixes/security/pconsole_advisory2.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/pconsole_advisory2.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/pconsole_advisory2.asc.sig \n\n C. FIX AND INTERIM FIX INSTALLATION\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. 
Verify it is both bootable and\n readable before proceeding.\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n https://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e epkg_name -p # where epkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e epkg_name -X # where epkg_name is the name of the\n # interim fix package being installed.\n\n WORKAROUNDS AND MITIGATIONS:\n\n None.\n\n\n===============================================================================\n\nCONTACT US:\n\n Note: Keywords labeled as KEY in this document are used for parsing\n purposes.\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n https://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n https://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n https://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n\n Please contact your local IBM AIX support center for any\n 
assistance.\n\n\nREFERENCES:\n \n Complete CVSS v3 Guide: http://www.first.org/cvss/user-guide\n https://www.first.org/cvss/user-guide\n On-line Calculator v3:\n http://www.first.org/cvss/calculator/3.0\n https://www.first.org/cvss/calculator/3.0\n\n\nACKNOWLEDGEMENTS:\n\n None.\n\n\nCHANGE HISTORY:\n\n First Issued: Fri Dec 2 15:01:37 CST 2016\n |Updated: Mon May 1 16:30:43 CDT 2017\n |Update: Bulletin updated to include ifix for AIX level 7.1.3\n\n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will \nultimately impact the Overall CVSS Score. Customers can evaluate the impact \nof this vulnerability in their environments by accessing the links in the \nReference section of this Security Bulletin. \n\nDisclaimer\nAccording to the Forum of Incident Response and Security Teams (FIRST), the \nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard \ndesigned to convey vulnerability severity and help to determine urgency and \npriority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY \nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS \nFOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT \nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n\n\n", "edition": 12, "modified": "2017-05-01T16:30:43", "published": "2016-12-02T15:01:37", "id": "PCONSOLE_ADVISORY2.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/pconsole_advisory2.asc", "title": "Vulnerability in pConsole impacts AIX,pConsole on AIX does not support TLS 1.2.", "type": "aix", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T19:19:11", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7575"], "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Fri Jan 29 15:43:20 CST 2016\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/openssl_advisory16.asc\nhttps://aix.software.ibm.com/aix/efixes/security/openssl_advisory16.asc\nftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory16.asc\n\n\nSecurity Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects \n OpenSSL on AIX (CVE-2015-7575)\n\n===============================================================================\n\nSUMMARY:\n\n The MD5 \u201cSLOTH\u201d vulnerability on TLS 1.2 affects OpenSSL on AIX.\n\n\n===============================================================================\n\nVULNERABILITY DETAILS:\n \n CVEID: CVE-2015-7575\n DESCRIPTION: The TLS protocol could allow weaker than expected security \n caused by a collision attack when using the MD5 hash function for \n signing a ServerKeyExchange message during a TLS handshake. 
An attacker\n could exploit this vulnerability using man-in-the-middle techniques to\n impersonate a TLS server and obtain credentials.\n CVSS Base Score: 7.1\n CVSS Temporal Score: See \n https://exchange.xforce.ibmcloud.com/vulnerabilities/109415 for the \n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)\n\n\n AFFECTED PRODUCTS AND VERSIONS:\n \n AIX 5.3, 6.1, 7.1, 7.2\n VIOS 2.2.x\n\n The following fileset levels are vulnerable:\n \n key_fileset = osrcaix\n\n Fileset Lower Level Upper Level KEY \n --------------------------------------------------\n openssl.base 1.0.1.500 1.0.1.515 key_w_fs\n\n \n Note: to find out whether the affected filesets are installed \n on your systems, refer to the lslpp command found in AIX user's guide.\n\n Example: lslpp -L | grep -i openssl.base\n\n REMEDIATION:\n\n A. FIXES\n\n Fixes are available.\n \n The fixes can be downloaded via ftp or http from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/openssl_fix16.tar\n http://aix.software.ibm.com/aix/efixes/security/openssl_fix16.tar\n https://aix.software.ibm.com/aix/efixes/security/openssl_fix16.tar \n\n The link above is to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. 
This will\n enforce the correct mapping between the fixes and AIX\n Technology Levels.\n \n Note that the tar file contains Interim fixes that are based on \n OpenSSL version.\n\n AIX Level Interim Fix (*.Z) Fileset Name(prereq for installation) KEY\n --------------------------------------------------------------------------------------------\n 5.3, 6.1, 7.1, 7.2 101a_fix.160129.epkg.Z openssl.base(1.0.1.515 version) key_w_fix\n\n VIOS Level Interim Fix (*.Z) Fileset Name(prereq for installation) KEY\n --------------------------------------------------------------------------------------------\n 2.2.* 101a_fix.160129.epkg.Z openssl.base(1.0.1.515 version) key_w_fix\n\n\n You should verify applying this fix does not cause any \n compatibility issues. The fix disables MD5 signature hash by \n default. If you change the default setting after applying the fix,\n you will expose yourself to the attack described above. IBM \n recommends that you review your entire environment to identify \n other areas where you have enabled the MD5 signature hash and take\n appropriate mitigation and remediation actions.\n \n To extract the fixes from the tar file:\n\n tar xvf openssl_fix16.tar\n cd openssl_fix16\n\n Verify you have retrieved the fixes intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 file\" command as the following:\n\n openssl dgst -sha256 filename KEY\n ----------------------------------------------------------------------------------------------------\n bfc26950a361720c2a3692e7dd7f5ae13f782f419b634c34fc42add5b4e83724 101a_fix.160129.epkg.Z key_w_csum\n \n \n These sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. 
If the sums or signatures cannot be\n confirmed, contact IBM AIX Security at\n security-alert@austin.ibm.com and describe the discrepancy.\n \n openssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n\n Published advisory OpenSSL signature file location:\n \n http://aix.software.ibm.com/aix/efixes/security/openssl_advisory16.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/openssl_advisory16.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory16.asc.sig \n\n B. FIX AND INTERIM FIX INSTALLATION\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. Verify it is both bootable and\n readable before proceeding.\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n\n WORKAROUNDS AND MITIGATIONS:\n\n None.\n\n\n===============================================================================\n\nCONTACT US:\n\n Note: Keywords labeled as KEY in this document are used for parsing\n purposes.\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My 
Notifications\":\n\n http://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team via security-alert@austin.ibm.com you\n can either:\n\n A. Download the key from our web page:\n\nhttp://www.ibm.com/systems/resources/systems_p_os_aix_security_pgppubkey.txt\n\n B. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n \n Complete CVSS v3 Guide: http://www.first.org/cvss/user-guide\n On-line Calculator v3:\n http://www.first.org/cvss/calculator/3.0\n\n\nACKNOWLEDGEMENTS:\n\n Reported to IBM by Karthikeyan Bhargavan at INRIA in Paris, France.\n\n\nCHANGE HISTORY:\n\n First Issued: Fri Jan 29 15:43:20 CST 2016\n\n\n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will \nultimately impact the Overall CVSS Score. Customers can evaluate the impact \nof this vulnerability in their environments by accessing the links in the \nReference section of this Security Bulletin. 
\n\nDisclaimer\nAccording to the Forum of Incident Response and Security Teams (FIRST), the \nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard \ndesigned to convey vulnerability severity and help to determine urgency and \npriority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY \nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS \nFOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT \nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n", "edition": 5, "modified": "2016-01-29T15:43:20", "published": "2016-01-29T15:43:20", "id": "OPENSSL_ADVISORY16.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory16.asc", "title": "Vulnerability in MD5 Signature and Hash Algorithm affects OpenSSL on AIX", "type": "aix", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:44:44", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7575"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA flaw was found in the way TLS 1.2 could use the MD5 hash function for\nsigning ServerKeyExchange and Client Authentication packets during a TLS\nhandshake. A man-in-the-middle attacker able to force a TLS connection to\nuse the MD5 hash function could use this flaw to conduct collision attacks\nto impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)\n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted.\n", "modified": "2018-06-06T20:24:27", "published": "2016-01-07T05:00:00", "id": "RHSA-2016:0008", "href": "https://access.redhat.com/errata/RHSA-2016:0008", "type": "redhat", "title": "(RHSA-2016:0008) Moderate: openssl security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-08-13T18:46:35", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7575"], "description": "Network Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications.\n\nA flaw was found in the way TLS 1.2 could use the MD5 hash function for\nsigning ServerKeyExchange and Client Authentication packets during a TLS\nhandshake. A man-in-the-middle attacker able to force a TLS connection to\nuse the MD5 hash function could use this flaw to conduct collision attacks\nto impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)\n\nAll nss users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all services linked to the NSS library must be restarted, or the\nsystem rebooted.\n", "modified": "2018-06-06T20:24:17", "published": "2016-01-07T05:00:00", "id": "RHSA-2016:0007", "href": "https://access.redhat.com/errata/RHSA-2016:0007", "type": "redhat", "title": "(RHSA-2016:0007) Moderate: nss security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-08-13T18:45:06", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7575"], "description": "The GnuTLS library provides support for cryptographic algorithms and for\nprotocols such as Transport Layer Security (TLS).\n\nA flaw was found in the way TLS 1.2 could use the MD5 hash function for\nsigning ServerKeyExchange and Client Authentication packets during a TLS\nhandshake. 
A man-in-the-middle attacker able to force a TLS connection to\nuse the MD5 hash function could use this flaw to conduct collision attacks\nto impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)\n\nAll gnutls users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all applications linked to the GnuTLS library must be restarted.\n", "modified": "2018-06-06T20:24:18", "published": "2016-01-07T05:00:00", "id": "RHSA-2016:0012", "href": "https://access.redhat.com/errata/RHSA-2016:0012", "type": "redhat", "title": "(RHSA-2016:0012) Moderate: gnutls security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "centos": [{"lastseen": "2019-12-20T18:25:04", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7575"], "description": "**CentOS Errata and Security Advisory** CESA-2016:0012\n\n\nThe GnuTLS library provides support for cryptographic algorithms and for\nprotocols such as Transport Layer Security (TLS).\n\nA flaw was found in the way TLS 1.2 could use the MD5 hash function for\nsigning ServerKeyExchange and Client Authentication packets during a TLS\nhandshake. A man-in-the-middle attacker able to force a TLS connection to\nuse the MD5 hash function could use this flaw to conduct collision attacks\nto impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)\n\nAll gnutls users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
For the update to take\neffect, all applications linked to the GnuTLS library must be restarted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-January/033634.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-January/033638.html\n\n**Affected packages:**\ngnutls\ngnutls-c++\ngnutls-dane\ngnutls-devel\ngnutls-guile\ngnutls-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0012.html", "edition": 3, "modified": "2016-01-07T22:28:34", "published": "2016-01-07T22:10:02", "href": "http://lists.centos.org/pipermail/centos-announce/2016-January/033634.html", "id": "CESA-2016:0012", "title": "gnutls security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-07-17T03:31:37", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7575"], "description": "**CentOS Errata and Security Advisory** CESA-2016:0008\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA flaw was found in the way TLS 1.2 could use the MD5 hash function for\nsigning ServerKeyExchange and Client Authentication packets during a TLS\nhandshake. A man-in-the-middle attacker able to force a TLS connection to\nuse the MD5 hash function could use this flaw to conduct collision attacks\nto impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)\n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-January/033633.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-January/033641.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-libs\nopenssl-perl\nopenssl-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0008.html", "edition": 5, "modified": "2016-01-07T22:29:21", "published": "2016-01-07T22:09:26", "href": "http://lists.centos.org/pipermail/centos-announce/2016-January/033633.html", "id": "CESA-2016:0008", "title": "openssl security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-12-20T18:24:56", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7575"], "description": "**CentOS Errata and Security Advisory** CESA-2016:0007\n\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications.\n\nA flaw was found in the way TLS 1.2 could use the MD5 hash function for\nsigning ServerKeyExchange and Client Authentication packets during a TLS\nhandshake. A man-in-the-middle attacker able to force a TLS connection to\nuse the MD5 hash function could use this flaw to conduct collision attacks\nto impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)\n\nAll nss users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
For the update to take\neffect, all services linked to the NSS library must be restarted, or the\nsystem rebooted.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-January/033632.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-January/033640.html\n\n**Affected packages:**\nnss\nnss-devel\nnss-pkcs11-devel\nnss-sysinit\nnss-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0007.html", "edition": 3, "modified": "2016-01-07T22:29:05", "published": "2016-01-07T22:08:46", "href": "http://lists.centos.org/pipermail/centos-announce/2016-January/033632.html", "id": "CESA-2016:0007", "title": "nss security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:17", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7575"], "description": "[3.19.1-8.0.1]\n- Added nss-vendor.patch to change vendor\n[3.19.1-8]\n- Prevent TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol\n- Resolves: Bug 1289881", "edition": 4, "modified": "2016-01-07T00:00:00", "published": "2016-01-07T00:00:00", "id": "ELSA-2016-0007", "href": "http://linux.oracle.com/errata/ELSA-2016-0007.html", "title": "nss security update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:10", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7575"], "description": "[1.0.1e-42.2]\n- fix CVE-2015-7575 - disallow use of MD5 in TLS1.2", "edition": 4, "modified": "2016-01-07T00:00:00", "published": "2016-01-07T00:00:00", "id": "ELSA-2016-0008", "href": "http://linux.oracle.com/errata/ELSA-2016-0008.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:40", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7575"], "description": "[3.3.8-14]\n- Prevent 
downgrade attack to RSA-MD5 in server key exchange.\n[3.3.8-13]\n- Corrected reseed and respect of max_number_of_bits_per_request in\n FIPS140-2 mode. Also enhanced the initial tests. (#1228199)", "edition": 4, "modified": "2016-01-07T00:00:00", "published": "2016-01-07T00:00:00", "id": "ELSA-2016-0012", "href": "http://linux.oracle.com/errata/ELSA-2016-0012.html", "title": "gnutls security update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2020-08-12T01:02:38", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7575"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3436-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJanuary 08, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nCVE ID : CVE-2015-7575\n\nKarthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in\nthe TLS 1.2 protocol which could allow the MD5 hash function to be used\nfor signing ServerKeyExchange and Client Authentication packets during a\nTLS handshake. 
A man-in-the-middle attacker could exploit this flaw to\nconduct collision attacks to impersonate a TLS server or an\nauthenticated TLS client.\n\nMore information can be found at\nhttps://www.mitls.org/pages/attacks/SLOTH\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 1.0.1e-2+deb7u19.\n\nFor the stable distribution (jessie), the testing distribution (stretch)\nand the unstable distribution (sid), this issue was already addressed in\nversion 1.0.1f-1.\n\nWe recommend that you upgrade your openssl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2016-01-08T15:35:13", "published": "2016-01-08T15:35:13", "id": "DEBIAN:DSA-3436-1:AA225", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00005.html", "title": "[SECURITY] [DSA 3436-1] openssl security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-30T02:21:48", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7575"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3437-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJanuary 09, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : gnutls26\nCVE ID : CVE-2015-7575\n\nKarthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in\nthe TLS 1.2 protocol which could allow the MD5 hash function to be used\nfor signing ServerKeyExchange and Client Authentication packets during a\nTLS handshake. 
A man-in-the-middle attacker could exploit this flaw to\nconduct collision attacks to impersonate a TLS server or an\nauthenticated TLS client.\n\nMore information can be found at\nhttps://www.mitls.org/pages/attacks/SLOTH\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 2.12.20-8+deb7u5.\n\nWe recommend that you upgrade your gnutls26 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2016-01-09T12:10:39", "published": "2016-01-09T12:10:39", "id": "DEBIAN:DSA-3437-1:2CB31", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00006.html", "title": "[SECURITY] [DSA 3437-1] gnutls26 security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "amazon": [{"lastseen": "2020-11-10T12:35:29", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7575"], "description": "**Issue Overview:**\n\nA flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. ([CVE-2015-7575 __](<https://access.redhat.com/security/cve/CVE-2015-7575>)) \n\n\n \n**Affected Packages:** \n\n\nnss\n\n \n**Issue Correction:** \nRun _yum update nss_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n nss-debuginfo-3.19.1-19.75.amzn1.i686 \n nss-pkcs11-devel-3.19.1-19.75.amzn1.i686 \n nss-sysinit-3.19.1-19.75.amzn1.i686 \n nss-tools-3.19.1-19.75.amzn1.i686 \n nss-3.19.1-19.75.amzn1.i686 \n nss-devel-3.19.1-19.75.amzn1.i686 \n \n src: \n nss-3.19.1-19.75.amzn1.src \n \n x86_64: \n nss-tools-3.19.1-19.75.amzn1.x86_64 \n nss-debuginfo-3.19.1-19.75.amzn1.x86_64 \n nss-sysinit-3.19.1-19.75.amzn1.x86_64 \n nss-pkcs11-devel-3.19.1-19.75.amzn1.x86_64 \n nss-devel-3.19.1-19.75.amzn1.x86_64 \n nss-3.19.1-19.75.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2016-02-09T13:30:00", "published": "2016-02-09T13:30:00", "id": "ALAS-2016-645", "href": "https://alas.aws.amazon.com/ALAS-2016-645.html", "title": "Medium: nss", "type": "amazon", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-11-10T12:36:57", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7575"], "description": "**Issue Overview:**\n\nA flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. ([CVE-2015-7575 __](<https://access.redhat.com/security/cve/CVE-2015-7575>))\n\n \n**Affected Packages:** \n\n\ngnutls\n\n \n**Issue Correction:** \nRun _yum update gnutls_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n gnutls-debuginfo-2.8.5-19.15.amzn1.i686 \n gnutls-guile-2.8.5-19.15.amzn1.i686 \n gnutls-2.8.5-19.15.amzn1.i686 \n gnutls-utils-2.8.5-19.15.amzn1.i686 \n gnutls-devel-2.8.5-19.15.amzn1.i686 \n \n src: \n gnutls-2.8.5-19.15.amzn1.src \n \n x86_64: \n gnutls-guile-2.8.5-19.15.amzn1.x86_64 \n gnutls-devel-2.8.5-19.15.amzn1.x86_64 \n gnutls-2.8.5-19.15.amzn1.x86_64 \n gnutls-debuginfo-2.8.5-19.15.amzn1.x86_64 \n gnutls-utils-2.8.5-19.15.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2016-02-09T13:30:00", "published": "2016-02-09T13:30:00", "id": "ALAS-2016-651", "href": "https://alas.aws.amazon.com/ALAS-2016-651.html", "title": "Medium: gnutls", "type": "amazon", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "lenovo": [{"lastseen": "2018-02-21T17:02:17", "bulletinFamily": "info", "cvelist": ["CVE-2015-7575"], "description": "**Lenovo Security Advisory**: LEN-4603\n\n**Potential Impact:** An attacker with man-in-the-middle capabilities could decrypt encrypted traffic or impersonate a legitimate client or server\n\n**[Severity](<https://support.lenovo.com/us/en/solutions/ht100758>): **Medium\n\n**Scope of Impact:** Industry-Wide\n\n**Summary Description:**\n\nA flaw was found in the way the TLS 1.2 protocol could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. An attacker with man-in-the-middle capabilities who is able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. \n \nThis vulnerability has been given the name \u201cSecurity Losses from Obsolete and Truncated Transcript Hashes\u201d or \u201cSLOTH\u201d. 
\n \nWe continue to monitor for practical collision attacks against SHA1 and will issue updated guidance and fixes should they appear.\n\n**Mitigation Strategy for Customers (what you should do to protect yourself):**\n\nUpdate to the most recent software available for your affected product by using the links below. \n\n**Product Impact: **\n", "edition": 1, "modified": "2016-08-14T00:00:00", "published": "2016-08-14T00:00:00", "id": "LENOVO:PS500048-NOSID", "href": "https://support.lenovo.com/us/en/product_security/len_4603", "type": "lenovo", "title": "Security Losses from Obsolete and Truncated Transcript Hashes (SLOTH)", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:55", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7575"], "description": "\nThe Mozilla Project reports:\n\nSecurity researcher Karthikeyan Bhargavan reported an\n\t issue in Network Security Services (NSS) where MD5\n\t signatures in the server signature within the TLS 1.2\n\t ServerKeyExchange message are still accepted. This is an\n\t issue since NSS has officially disallowed the accepting MD5\n\t as a hash algorithm in signatures since 2011. This issues\n\t exposes NSS based clients such as Firefox to theoretical\n\t collision-based forgery attacks.\n\n", "edition": 4, "modified": "2015-12-22T00:00:00", "published": "2015-12-22T00:00:00", "id": "10F7BC76-0335-4A88-B391-0B05B3A8CE1C", "href": "https://vuxml.freebsd.org/freebsd/10f7bc76-0335-4a88-b391-0b05b3a8ce1c.html", "title": "NSS -- MD5 downgrade in TLS 1.2 signatures", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "ubuntu": [{"lastseen": "2020-07-02T11:38:23", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7575"], "description": "Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly \nallowed MD5 to be used for TLS 1.2 connections. 
If a remote attacker were \nable to perform a man-in-the-middle attack, this flaw could be exploited to \nview sensitive information.", "edition": 5, "modified": "2016-01-07T00:00:00", "published": "2016-01-07T00:00:00", "id": "USN-2864-1", "href": "https://ubuntu.com/security/notices/USN-2864-1", "title": "NSS vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-07-02T11:44:14", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7575"], "description": "Karthikeyan Bhargavan and Gaetan Leurent discovered that OpenSSL \nincorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote \nattacker were able to perform a man-in-the-middle attack, this flaw could \nbe exploited to view sensitive information.", "edition": 5, "modified": "2016-01-07T00:00:00", "published": "2016-01-07T00:00:00", "id": "USN-2863-1", "href": "https://ubuntu.com/security/notices/USN-2863-1", "title": "OpenSSL vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-07-02T11:35:02", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7575"], "description": "Karthikeyan Bhargavan and Gaetan Leurent discovered that GnuTLS incorrectly \nallowed MD5 to be used for TLS 1.2 connections. If a remote attacker were \nable to perform a man-in-the-middle attack, this flaw could be exploited to \nview sensitive information.", "edition": 5, "modified": "2016-01-08T00:00:00", "published": "2016-01-08T00:00:00", "id": "USN-2865-1", "href": "https://ubuntu.com/security/notices/USN-2865-1", "title": "GnuTLS vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-07-02T11:37:16", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7575"], "description": "Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly \nallowed MD5 to be used for TLS 1.2 connections. 
If a remote attacker were \nable to perform a man-in-the-middle attack, this flaw could be exploited to \nview sensitive information.", "edition": 5, "modified": "2016-01-08T00:00:00", "published": "2016-01-08T00:00:00", "id": "USN-2866-1", "href": "https://ubuntu.com/security/notices/USN-2866-1", "title": "Firefox vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "kaspersky": [{"lastseen": "2020-09-02T11:53:23", "bulletinFamily": "info", "cvelist": ["CVE-2015-7575"], "description": "### *Detect date*:\n12/22/2015\n\n### *Severity*:\nWarning\n\n### *Description*:\nLack of security enforcement was found in Mozilla Firefox. By exploiting this vulnerability, malicious users can conduct a man-in-the-middle attack. This vulnerability can be exploited remotely via collision-based attacks.\n\n### *Affected products*:\nFirefox versions earlier than 43.0.2 \nFirefox ESR versions earlier than 38.5.2\n\n### *Solution*:\nUpdate to the latest version \n[Download Firefox ESR](<https://www.mozilla.org/en-US/firefox/organizations/all/>) \n[Download Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[Mozilla advisory](<https://www.mozilla.org/en-US/security/advisories/mfsa2015-150/>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2015-7575](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575>)4.3Warning", "edition": 41, "modified": "2020-05-22T00:00:00", "published": "2015-12-22T00:00:00", "id": "KLA10732", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10732", "title": "\r KLA10732Security bypass vulnerability in Mozilla Firefox and Firefox ESR ", "type": "kaspersky", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "mozilla": [{"lastseen": "2016-09-05T13:37:44", "bulletinFamily": "software", "cvelist": ["CVE-2015-7575"], "edition": 1, "description": 
"Security researcher Karthikeyan Bhargavan reported an issue\nin Network Security Services (NSS) where MD5 signatures in the server signature within the\nTLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has\nofficially disallowed the accepting MD5 as a hash algorithm in signatures since 2011. This\nissues exposes NSS based clients such as Firefox to theoretical collision-based forgery\nattacks. This issue was fixed in NSS version 3.20.2.", "modified": "2015-12-22T00:00:00", "published": "2015-12-22T00:00:00", "id": "MFSA2015-150", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2015-150/", "type": "mozilla", "title": "MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:43", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7575"], "description": "mbedTLS before 2.2.1 is vulnerable to the SLOTH attack, breaking MD5\nsignatures potentially used during TLS 1.2 handshakes to impersonate a\nTLS server.", "modified": "2016-01-25T00:00:00", "published": "2016-01-25T00:00:00", "id": "ASA-201601-29", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html", "type": "archlinux", "title": "mbedtls: man-in-the-middle", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}