Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.DB2_105FP7_NIX.NASL
HistoryJan 06, 2016 - 12:00 a.m.

IBM DB2 10.5 < Fix Pack 7 Multiple Vulnerabilities (Linux) (Bar Mitzvah) (FREAK) (Logjam)

2016-01-0600:00:00
This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
78
JSON

According to its version, the installation of IBM DB2 10.5 running on the remote host is prior to Fix Pack 7. It is, therefore, affected by the following vulnerabilities :

  • A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)

  • A denial of service vulnerability exists when processing an ECParameters structure due to an infinite loop that occurs when a specified curve is over a malformed binary polynomial field. A remote attacker can exploit this to perform a denial of service against any system that processes public keys, certificate requests, or certificates. This includes TLS clients and TLS servers with client authentication enabled. (CVE-2015-1788)

  • A privilege escalation vulnerability exists due to an untrusted search path flaw. A local attacker can exploit this, via a specially crafted library that is loaded by a setuid or setgid process, to gain elevated privileges on the system. (CVE-2015-1947)

  • A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle attacker can exploit this, via a brute-force attack using LSB values, to decrypt the traffic. (CVE-2015-2808)

  • A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)

Note that several of these vulnerabilities are due to the bundled GSKit component and the embedded FCM 4.1 libraries.

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(87764);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");

  script_cve_id(
    "CVE-2015-0204",
    "CVE-2015-1788",
    "CVE-2015-1947",
    "CVE-2015-2808",
    "CVE-2015-4000"
  );
  script_bugtraq_id(
    71936,
    73684,
    74733,
    75158,
    79693
  );
  script_xref(name:"CERT", value:"243585");
  script_xref(name:"CEA-ID", value:"CEA-2021-0004");

  script_name(english:"IBM DB2 10.5 < Fix Pack 7 Multiple Vulnerabilities (Linux) (Bar Mitzvah) (FREAK) (Logjam)");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its version, the installation of IBM DB2 10.5 running on
the remote host is prior to Fix Pack 7. It is, therefore, affected by
the following vulnerabilities :

  - A security feature bypass vulnerability, known as FREAK
    (Factoring attack on RSA-EXPORT Keys), exists due to the
    support of weak EXPORT_RSA cipher suites with keys less
    than or equal to 512 bits. A man-in-the-middle attacker
    may be able to downgrade the SSL/TLS connection to use
    EXPORT_RSA cipher suites which can be factored in a
    short amount of time, allowing the attacker to intercept
    and decrypt the traffic. (CVE-2015-0204)

  - A denial of service vulnerability exists when processing
    an ECParameters structure due to an infinite loop that
    occurs when a specified curve is over a malformed binary
    polynomial field. A remote attacker can exploit this to
    perform a denial of service against any system that
    processes public keys, certificate requests, or
    certificates. This includes TLS clients and TLS servers
    with client authentication enabled. (CVE-2015-1788)

  - A privilege escalation vulnerability exists due to an
    untrusted search path flaw. A local attacker can exploit
    this, via a specially crafted library that is loaded by
    a setuid or setgid process, to gain elevated privileges
    on the system. (CVE-2015-1947)

  - A security feature bypass vulnerability exists, known as
    Bar Mitzvah, due to improper combination of state data
    with key data by the RC4 cipher algorithm during the
    initialization phase. A man-in-the-middle attacker can
    exploit this, via a brute-force attack using LSB values,
    to decrypt the traffic. (CVE-2015-2808)

  - A man-in-the-middle vulnerability, known as Logjam,
    exists due to a flaw in the SSL/TLS protocol. A remote
    attacker can exploit this flaw to downgrade connections
    using ephemeral Diffie-Hellman key exchange to 512-bit
    export-grade cryptography. (CVE-2015-4000)

Note that several of these vulnerabilities are due to the bundled
GSKit component and the embedded FCM 4.1 libraries.");
  script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg21647054#7");
  script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg1IT07394");
  script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg1IT08753");
  script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg1IT09900");
  script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg1IT09964");
  script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg1IT09969");
  # https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4bbf45ac");
  script_set_attribute(attribute:"see_also", value:"https://www.smacktls.com/#freak");
  script_set_attribute(attribute:"see_also", value:"https://weakdh.org/");
  script_set_attribute(attribute:"solution", value:
"Apply IBM DB2 version 10.5 Fix Pack 7 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:TF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:T/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-4000");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/12/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:db2");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("db2_installed.nbin");
  script_require_keys("installed_sw/DB2 Server");

  exit(0);
}

include('vcf_extras_db2.inc');

# The remote host's OS is Windows, not Linux.
if (get_kb_item('SMB/db2/Installed'))
  audit(AUDIT_OS_NOT, 'Linux', 'Windows');

var app_info = vcf::ibm_db2::get_app_info();
# DB2 has an optional OpenSSH server that will run on
# windows.  We need to exit out if we picked up the windows
# installation that way.
if ('Windows' >< app_info['platform'])
  audit(AUDIT_HOST_NOT, 'a Linux based operating system');

var constraints = [
   {'min_version':'10.5', 'fixed_version':'10.5.0.7'}
];

vcf::ibm_db2::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_NOTE
);
VendorProductVersionCPE
ibmdb2cpe:/a:ibm:db2

Related

nessus 17
ibm 138
openvas 9
suse 2
cve 3
prion 3
cisa 1
cisco 1
f5 5
kitploit 1
checkpoint_advisories 1
veracode 4
ubuntucve 2
hackerone 2
debiancve 2
openssl 2
fortinet 1
thn 1
checkpoint_security 1
cert 1
huawei 1
atlassian 1
nessus
nessus
IBM DB2 10.5 < Fix Pack 7 Multiple Vulnerabilities (Bar Mitzvah) (FREAK) (Logjam)
2016-01-06 00:00:00
Xerox WorkCentre 4260 / 4265 Multiple Vulnerabilities (XRX15AV) (FREAK) (Logjam)
2015-12-11 00:00:00
SUSE SLES10 Security Update : OpenSSL (SUSE-SU-2015:1181-2) (Logjam)
2015-07-07 00:00:00
ibm
ibm
Security Bulletin: OpenSSL (including FREAK), RC4 stream cipher (Bar Mitzvah), and Diffie-Hellman ciphers (Logjam) vulnerabilities affect Tivoli Storage FlashCopy Manager Unix and VMware (CVE-2015-0204, CVE-2015-2808, CVE-2015-4000)
2018-06-17 15:10:22
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational Software Architect , Rational Software Architect for Websphere software and Rational Software Architect Real Time (CVE-2015-4000, CVE-2015-0488, CVE-2015-0478, CVE-2015-02
2018-06-17 05:03:09
Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM MQ Light (CVE-2015-1788, CVE-2015-1789, CVE-2015-4000)
2018-06-15 07:03:21
openvas
openvas
SSL/TLS: Report Weak Cipher Suites
2012-03-01 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:1181-2)
2021-06-09 00:00:00
OpenSSL Denial of Service Vulnerability (20150611 - 1) - Windows
2015-12-01 00:00:00
suse
suse
Security update for OpenSSL (important)
2015-07-03 14:05:21
Security update for OpenSSL (important)
2015-07-03 20:06:29
cve
cve
CVE-2015-1947
2015-12-31 16:59:00
CVE-2015-1788
2015-06-12 19:59:00
CVE-2015-0204
2015-01-09 02:59:00
prion
prion
Design/Logic Flaw
2015-12-31 16:59:00
Authentication flaw
2015-06-12 19:59:00
Code injection
2015-01-09 02:59:00
cisa
cisa
FREAK
2015-03-06 00:00:00
cisco
cisco
OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability
2015-01-13 19:57:19
f5
f5
SOL16938 - OpenSSL vulnerability CVE-2015-1788
2015-07-08 00:00:00
K16938 : OpenSSL vulnerability CVE-2015-1788
2015-11-10 00:00:00
K16139 : OpenSSL vulnerability CVE-2015-0204
2015-10-02 00:00:00
kitploit
kitploit
A2SV - Auto Scanning to SSL Vulnerability
2016-08-06 14:46:00
checkpoint_advisories
checkpoint_advisories
OpenSSL Elliptic Curve Binary Polynomial Field Resource Exhaustion (CVE-2015-1788)
2015-08-17 00:00:00
veracode
veracode
Denial Of Service (DoS) Through An Infinite Loop
2017-02-10 05:44:00
Brute Force Decryption
2017-02-10 01:27:34
Information Disclosure
2019-05-02 05:39:15
ubuntucve
ubuntucve
CVE-2015-1788
2015-06-11 00:00:00
CVE-2015-0204
2015-01-08 00:00:00
hackerone
hackerone
Internet Bug Bounty: Malformed ECParameters causes infinite loop
2015-06-11 00:00:00
Internet Bug Bounty: FREAK: Factoring RSA_EXPORT Keys to Impersonate TLS Servers
2015-03-05 16:18:06
debiancve
debiancve
CVE-2015-0204
2015-01-09 02:59:00
CVE-2015-1788
2015-06-12 19:59:00
openssl
openssl
Vulnerability in OpenSSL CVE-2015-1788
2015-06-11 00:00:00
Vulnerability in OpenSSL CVE-2015-0204
2015-01-06 00:00:00
fortinet
fortinet
TLS FREAK Attack
2015-03-04 00:00:00
thn
thn
'FREAK' — New SSL/TLS Vulnerability Explained
2015-03-03 20:30:00
checkpoint_security
checkpoint_security
Check Point response to TLS FREAK Attack (CVE-2015-0204)
2015-03-03 22:00:00
cert
cert
SSL/TLS implementations accept export-grade RSA keys (FREAK attack)
2015-03-06 00:00:00
huawei
huawei
Security Advisory - Bar Mitzvah Attack Vulnerability in Huawei Products
2015-09-19 00:00:00
atlassian
atlassian
Update Java version bundled found in the installer to a version >= 1.8u51
2015-07-15 01:43:18
JSON
Related for DB2_105FP7_NIX.NASL
nessus17ibm138openvas9suse2cve3prion3cisa1cisco1f55kitploit1checkpoint_advisories1veracode4ubuntucve2hackerone2debiancve2openssl2fortinet1thn1checkpoint_security1cert1huawei1atlassian1