Oval Definition:oval:org.cisecurity:def:406
Revision Date:2017-01-20Version:14
Title:The MD5 SLOTH vulnerability on TLS 1.2 affects OpenSSL on AIX.
Description:The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2015-7575
Platform(s):IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis
  • platforms
  • IBM AIX 6.1 is installed
  • OR IBM AIX 7.1 is installed
  • AND filesets
  • File Version Exists
  • openssl.base greater than or equal 1.0.1.500
  • AND openssl.base less than or equal 1.0.1.515
  • AND NOT Interim fix 101a_fix.160129 (vuid: 00F850C34C00012910011516) is installed
  • OR File Version Exists
  • bos.net.tcp.client greater than or equal 6.1.9.0
  • AND bos.net.tcp.client less than or equal 6.1.9.102
  • AND NOT Interim fix IV86116m7a.160701 (vuid: 00F850C34C00070103075316) is installed
  • OR File Version Exists
  • bos.net.tcp.server greater than or equal 6.1.9.0
  • AND bos.net.tcp.server less than or equal 6.1.9.101
  • AND NOT Interim fix IV86116m7a.160701 (vuid: 00F850C34C00070103075316) is installed
  • OR File Version Exists
  • bos.net.tcp.client greater than or equal 7.1.3.0
  • AND bos.net.tcp.client less than or equal 7.1.3.47
  • AND NOT Interim fix IV86117m7a.160725 (vuid: 00F850C44C00072516073916) is installed
  • OR File Version Exists
  • bos.net.tcp.server greater than or equal 7.1.3.0
  • AND bos.net.tcp.server less than or equal 7.1.3.47
  • AND NOT Interim fix IV86117m7a.160725 (vuid: 00F850C44C00072516073916) is installed
  • OR File Version Exists
  • bos.net.tcp.client greater than or equal 7.1.4.0
  • AND bos.net.tcp.client less than or equal 7.1.4.1
  • AND NOT Interim fix IV86118m2a.160701 (vuid: 00F850C34C00070107074016) is installed
  • OR File Version Exists
  • bos.net.tcp.server greater than or equal 7.1.4.0
  • AND bos.net.tcp.server less than or equal 7.1.4.1
  • AND NOT Interim fix IV86118m2a.160701 (vuid: 00F850C34C00070107074016) is installed
  • BACK