The version of OpenSSL installed on the remote host is affected by the following vulnerabilities :
An error exists related to DTLS SRTP extension handling and specially crafted handshake messages that can allow denial of service attacks via memory leaks.
(CVE-2014-3513)
A man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566)
An error exists related to session ticket handling that can allow denial of service attacks via memory leaks.
(CVE-2014-3567)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text in the description was extracted from AIX Security
# Advisory openssl_advisory11.asc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(78772);
script_version("1.22");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/06/26");
script_cve_id("CVE-2014-3513", "CVE-2014-3566", "CVE-2014-3567");
script_bugtraq_id(70574, 70584, 70586);
script_name(english:"AIX OpenSSL Advisory : openssl_advisory11.asc (POODLE)");
script_set_attribute(attribute:"synopsis", value:
"The remote AIX host has a version of OpenSSL installed that is
affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of OpenSSL installed on the remote host is affected by the
following vulnerabilities :
- An error exists related to DTLS SRTP extension handling
and specially crafted handshake messages that can allow
denial of service attacks via memory leaks.
(CVE-2014-3513)
- A man-in-the-middle (MitM) information disclosure
vulnerability known as POODLE. The vulnerability is due
to the way SSL 3.0 handles padding bytes when decrypting
messages encrypted using block ciphers in cipher block
chaining (CBC) mode. MitM attackers can decrypt a
selected byte of a cipher text in as few as 256 tries if
they are able to force a victim application to
repeatedly send the same data over newly created SSL 3.0
connections. (CVE-2014-3566)
- An error exists related to session ticket handling that
can allow denial of service attacks via memory leaks.
(CVE-2014-3567)");
script_set_attribute(attribute:"see_also", value:"https://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc");
script_set_attribute(attribute:"see_also", value:"https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp");
script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/openssl-1.0.1-notes.html");
script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20141015.txt");
script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/vulnerabilities.html");
script_set_attribute(attribute:"see_also", value:"https://www.imperialviolet.org/2014/10/14/poodle.html");
script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/~bodo/ssl-poodle.pdf");
script_set_attribute(attribute:"see_also", value:"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00");
script_set_attribute(attribute:"solution", value:
"A fix is available and can be downloaded from the AIX website.
IMPORTANT : If possible, it is recommended that a mksysb backup of the
system be created. Verify that it is both bootable and readable before
proceeding.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"in_the_news", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/14");
script_set_attribute(attribute:"patch_publication_date", value:"2014/10/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/31");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix");
script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"AIX Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2014-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");
exit(0);
}
include("aix.inc");
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);
if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This AIX package check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") );
flag = 0;
#0.9.8.2503
if (aix_check_ifix(release:"5.3", patch:"IV66250s9b", package:"openssl.base", minfilesetver:"0.0.0.0", maxfilesetver:"0.9.8.2503") < 0) flag++;
if (aix_check_ifix(release:"6.1", patch:"IV66250s9b", package:"openssl.base", minfilesetver:"0.0.0.0", maxfilesetver:"0.9.8.2503") < 0) flag++;
if (aix_check_ifix(release:"7.1", patch:"IV66250s9b", package:"openssl.base", minfilesetver:"0.0.0.0", maxfilesetver:"0.9.8.2503") < 0) flag++;
#1.0.1.512
if (aix_check_ifix(release:"5.3", patch:"IV66250s9a", package:"openssl.base", minfilesetver:"1.0.1.500", maxfilesetver:"1.0.1.512") < 0) flag++;
if (aix_check_ifix(release:"6.1", patch:"IV66250s9a", package:"openssl.base", minfilesetver:"1.0.1.500", maxfilesetver:"1.0.1.512") < 0) flag++;
if (aix_check_ifix(release:"7.1", patch:"IV66250s9a", package:"openssl.base", minfilesetver:"1.0.1.500", maxfilesetver:"1.0.1.512") < 0) flag++;
#12.9.8.2503
if (aix_check_ifix(release:"5.3", patch:"IV66250s9c", package:"openssl.base", minfilesetver:"12.0.0.0", maxfilesetver:"12.9.8.2503") < 0) flag++;
if (aix_check_ifix(release:"6.1", patch:"IV66250s9c", package:"openssl.base", minfilesetver:"12.0.0.0", maxfilesetver:"12.9.8.2503") < 0) flag++;
if (aix_check_ifix(release:"7.1", patch:"IV66250s9c", package:"openssl.base", minfilesetver:"12.0.0.0", maxfilesetver:"12.9.8.2503") < 0) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc
tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
www.imperialviolet.org/2014/10/14/poodle.html
www.openssl.org/news/openssl-1.0.1-notes.html
www.openssl.org/news/secadv/20141015.txt
www.openssl.org/news/vulnerabilities.html
www.openssl.org/~bodo/ssl-poodle.pdf
www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp