IBM AIX update for OpenSSL



Published: 2023-01-24
Risk High
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2022-3786
CVE-2022-3358
CVE-2022-3602
CWE-ID CWE-119
CWE-326
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #3 is available.
Vulnerable software
Subscribe
IBM AIX
Operating systems & Components / Operating system

Vendor IBM Corporation

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU68896

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-3786

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing the email address field length inside a X.509 certificate. A remote attacker can supply a specially crafted certificate to the application, trigger a buffer overflow and crash the application.


Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM AIX: 7.1.1 - 7.3.0.1


CPE2.3 External links

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory37.asc

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Inadequate Encryption Strength

EUVDB-ID: #VU68116

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-3358

CWE-ID: CWE-326 - Inadequate Encryption Strength

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to decrypt traffic.

The vulnerability exists due to an error in openssl implementation when handling legacy custom ciphers with NID_undef passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions. Under certain conditions openssl can fail to select a proper cipher and use NULL instead, which corresponds to sending data in plain text.

Note, applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM AIX: 7.1.1 - 7.3.0.1


CPE2.3 External links

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory37.asc

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Buffer overflow

EUVDB-ID: #VU68895

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-3602

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing the email address field inside  X.509 certificate. A remote attacker can supply a specially crafted certificate to the application, trigger a 4-byte buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system but requires that either a CA signs the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM AIX: 7.1.1 - 7.3.0.1


CPE2.3 External links

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory37.asc

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###