Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.IBM_STORWIZE_CVE_2015_2808.NASL
HistoryJun 16, 2016 - 12:00 a.m.

IBM Storwize SSL/TLS RC4 Stream Cipher Key Invariance (Bar Mitzvah)

2016-06-1600:00:00
This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
217
JSON

According to its self-reported version number, the IBM Storwize server running on the remote host is affected by a security feature bypass vulnerability, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle attacker can exploit this, via a brute-force attack using LSB values, to decrypt the traffic.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(91633);
  script_version("1.5");
  script_cvs_date("Date: 2019/11/14");

  script_cve_id("CVE-2015-2808");
  script_bugtraq_id(73684);

  script_name(english:"IBM Storwize SSL/TLS RC4 Stream Cipher Key Invariance (Bar Mitzvah)");
  script_summary(english:"Checks for vulnerable Storwize models.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a security feature bypass
vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the IBM Storwize server
running on the remote host is affected by a security feature bypass
vulnerability, known as Bar Mitzvah, due to improper combination of
state data with key data by the RC4 cipher algorithm during the
initialization phase. A man-in-the-middle attacker can exploit this,
via a brute-force attack using LSB values, to decrypt the traffic.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.");
  # https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4bbf45ac");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005213");
  script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=ssg1S1005210");
  script_set_attribute(attribute:"solution", value:
"Upgrade to IBM Storwize version 1.5.2.0 / 7.3.0.10 / 7.4.0.4 / or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-2808");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/04/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/16");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:ibm:storwize_v7000_unified");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:ibm:storwize_v7000");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:ibm:storwize_v5000");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:ibm:storwize_v3700");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:ibm:storwize_v3500");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:ibm:san_volume_controller");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:storwize_v7000_software");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:storwize_v5000_software");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:storwize_v3700_software");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:storwize_v3500_software");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ibm_storwize_detect.nbin");
  script_require_ports("Host/IBM/Storwize/version", "Host/IBM/Storwize/machine_major", "Host/IBM/Storwize/display_name");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

version = get_kb_item_or_exit("Host/IBM/Storwize/version");
machine_major = get_kb_item_or_exit("Host/IBM/Storwize/machine_major");
display_name = get_kb_item_or_exit("Host/IBM/Storwize/display_name");

# audit out if it isn't an affected device
if (
  machine_major != "2073" && # Storwize V7000 Unified";
  machine_major != "2076" && # V7000
  machine_major != "2071" && # V3500
  machine_major != "2077" && # V5000
  machine_major != "2072" && # V3700
  machine_major != "2145"    # SAN Volume Controller
) audit(AUDIT_DEVICE_NOT_VULN, display_name);

if (version == UNKNOWN_VER)
  audit(AUDIT_UNKNOWN_APP_VER, display_name);

# Versions 1.1 thru 7.4 are affected
# 7.4.0.4 and 7.3.0.10 are fixed for non-Unified versions
# 1.5.2.0 is fixed for Unified
if (machine_major != "2073")
{
  if (version =~ "^(1\.[1-9][0-9]*\.|[2-6]\.|7\.[0-2]\.)")
    fix = "7.3.0.10 or 7.4.0.4";
  else if (version =~ "^7\.3\." && ver_compare(ver:version, fix:"7.3.0.10") < 0)
    fix = "7.3.0.10";
  else if (version =~ "^7\.4\." && ver_compare(ver:version, fix:"7.4.0.4") < 0)
    fix = "7.4.0.4";
  else audit(AUDIT_DEVICE_NOT_VULN, display_name, version);
}
else
{
  if (version =~ "^1\.[3-5]\." && ver_compare(ver:version, fix:"1.5.2.0") < 0)
    fix = "1.5.2.0";
  else audit(AUDIT_DEVICE_NOT_VULN, display_name, version);
}

if (report_verbosity > 0)
{
  report =
    '\n  Name              : ' + display_name +
    '\n  Installed version : ' + version +
    '\n  Fixed version     : ' + fix +
    '\n';
  security_warning(port:0, extra:report);
}
else security_warning(port:0);
VendorProductVersionCPE
ibmstorwize_v7000_unifiedcpe:/h:ibm:storwize_v7000_unified
ibmstorwize_v7000cpe:/h:ibm:storwize_v7000
ibmstorwize_v5000cpe:/h:ibm:storwize_v5000
ibmstorwize_v3700cpe:/h:ibm:storwize_v3700
ibmstorwize_v3500cpe:/h:ibm:storwize_v3500
ibmsan_volume_controllercpe:/h:ibm:san_volume_controller
ibmstorwize_v7000_softwarecpe:/a:ibm:storwize_v7000_software
ibmstorwize_v5000_softwarecpe:/a:ibm:storwize_v5000_software
ibmstorwize_v3700_softwarecpe:/a:ibm:storwize_v3700_software
ibmstorwize_v3500_softwarecpe:/a:ibm:storwize_v3500_software

Related

ibm 175
nessus 11
huawei 1
veracode 1
f5 2
ubuntucve 1
aix 1
prion 1
cve 1
debiancve 1
openvas 3
checkpoint_advisories 1
ibm
ibm
Security Bulletin: Vulnerability in RC4 stream cipher affects OpenPages GRC Platform with Application Server (CVE-2015-2808)
2018-06-15 22:37:00
Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Developer for i, Rational Developer for AIX and Linux, and Rational Developer for Power Systems Software (CVE-2015-2808)
2018-08-03 04:23:43
Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Functional Tester's Extension for Terminal-based Applications (CVE-2015-2808)
2018-09-29 20:06:32
nessus
nessus
Atlassian JIRA < 6.4.10 / 7.0.0-OD-02 MitM Plaintext Disclosure (Bar Mitzvah)
2015-12-07 00:00:00
AIX 6.1 TL 9 : bos.net.tcp.server (U863668) (Bar Mitzvah)
2015-12-04 00:00:00
IBM HTTP Server SSL/TLS RC4 Stream Cipher Key Invariance (Bar Mitzvah)
2015-12-21 00:00:00
huawei
huawei
Security Advisory - Bar Mitzvah Attack Vulnerability in Huawei Products
2015-09-19 00:00:00
veracode
veracode
Information Disclosure
2019-05-02 05:39:15
f5
f5
SOL16864 - SSL/TLS RC4 vulnerability CVE-2015-2808
2015-07-08 00:00:00
K16864 : SSL/TLS RC4 vulnerability CVE-2015-2808
2015-08-17 00:00:00
ubuntucve
ubuntucve
CVE-2015-2808
2015-03-31 00:00:00
aix
aix
Vulnerability in RC4 stream cipher affects AIX,Vulnerability in RC4 stream cipher affects ftpd/sendmail_ssl/imapd/popd on AIX,Vulnerability in RC4 stream cipher affects ftpd/sendmail_ssl/imapd/popd on VIOS
2015-04-27 15:27:04
prion
prion
Design/Logic Flaw
2015-04-01 02:00:00
cve
cve
CVE-2015-2808
2015-04-01 02:00:00
debiancve
debiancve
CVE-2015-2808
2015-04-01 02:00:00
openvas
openvas
F5 BIG-IP - SOL16864 - SSL/TLS RC4 vulnerability CVE-2015-2808
2015-09-18 00:00:00
SSL/TLS: Report Weak Cipher Suites
2012-03-01 00:00:00
HPE Network Products Multiple Remote Vulnerabilities
2016-11-25 00:00:00
checkpoint_advisories
checkpoint_advisories
Weak SSL RC4 Cipher Suites (CVE-2013-2566; CVE-2015-2808)
2015-05-17 00:00:00
JSON
Related for IBM_STORWIZE_CVE_2015_2808.NASL
ibm175nessus11huawei1veracode1f52ubuntucve1aix1prion1cve1debiancve1openvas3checkpoint_advisories1