Vulnerability Information
AIX is prone to the following vulnerabilities:
The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. (CVE-2015-7575)
IBM AIX does not require the newest version of TLS by default, which could allow a remote attacker to obtain sensitive information using man-in-the-middle techniques. (CVE-2016-0266)
Affected Platforms:
AIX
Note: The detection requires root privileges to run "emgr -c" to check for patches. In the absence of such privileges, the detection may not output actual results.
Vulnerability Impact
An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials.
Solution
The vendor has released fixes to resolve this vulnerability. Refer to the AIX Advisory for more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities: