[4eyes] FW: [COE #60209] [UCSB-OIT #626428] Vulnerabilities Found on 128.111.28.116
Byungkyu Kang
bkang at umail.ucsb.edu
Thu Jun 26 23:43:16 PDT 2014
Hi Matthew,
This one is my Linux machine. I will update this machine immediately.
Sorry for causing this issue again.
Thanks,
Jay
> On Jun 26, 2014, at 11:36 PM, "Matthew Turk" <mturk at cs.ucsb.edu> wrote:
>
> Here is the second vulnerability notice....
>
> -----Original Message-----
> From: Tier II Support Issues via CoE Support [mailto:help at engineering.ucsb.edu]
> Sent: Wednesday, June 25, 2014 8:10 PM
> To: holl at cs.ucsb.edu; mturk at cs.ucsb.edu
> Subject: [COE #60209] [UCSB-OIT #626428] Vulnerabilities Found on 128.111.28.116
>
> The following reply has been made regarding CoE Support ticket #60209:
>
> Please forward this one as well.
>
> Thanks,
>
> Jeff
>
>
>> On Wed Jun 25 12:09:18 2014, vsc at oit.ucsb.edu wrote:
>> Greetings:
>>
>> Our vulnerability scanner has found a potentially vulnerable host on
>> your network. You should consider taking the recommended actions
>> mentioned in this report in order to reduce the chances of this host
>> being abused by an attacker. If you believe any part of this report to
>> be incorrect, please let us know so that we can work to improve our
>> reporting accuracy.
>>
>>
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>
>> Here is information about potential vulnerabilities that were found:
>>
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>
>> IP : 128.111.28.116
>> Name : ilab-116.cs.ucsb.edu
>> Scan Time : Tue Jun 24 14:03:35 2014
>> Service : http (80/tcp)
>> Script ID : 10677
>> Synopsis :
>>
>> The remote web server discloses information about its status.
>>
>> Description :
>>
>> It is possible to obtain an overview of the remote Apache web
>> server's activity and performance by requesting the URL
>> '/server-status'. This overview includes information such
>> as current hosts and requests being processed, the number of workers
>> idle and service requests, and CPU utilization.
>>
>> Solution :
>>
>> If required, update Apache's configuration file(s) to either
>> disable mod_status or ensure that access is limited to valid users /
>> hosts.
>>
>> CVSS Base Score : 5.0
>> (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
>>
>> Other references : OSVDB:561
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>
>> IP : 128.111.28.116
>> Name : ilab-116.cs.ucsb.edu
>> Scan Time : Tue Jun 24 14:03:35 2014
>> Service : https (443/tcp)
>> Script ID : 74326
>> Synopsis :
>>
>> The remote host is affected by a vulnerability that could allow
>> sensitive data to be decrypted.
>>
>> Description :
>>
>> The OpenSSL service on the remote host is vulnerable to a
>> man-in-the-middle (MiTM) attack, based on its response to two
>> consecutive 'ChangeCipherSpec' messages during the incorrect
>> phase of an SSL/TLS handshake.
>>
>> This flaw could allow a MiTM attacker to decrypt or forge SSL messages
>> by telling the service to begin encrypted communications before key
>> material has been exchanged, which causes predictable keys to be used
>> to secure future traffic.
>>
>> Note that Nessus has only tested for an SSL/TLS MiTM vulnerability
>> (CVE-2014-0224). However, Nessus has inferred that the OpenSSL service
>> on the remote host is also affected by six additional vulnerabilities
>> that were disclosed in OpenSSL's June 5th, 2014 security advisory :
>>
>> - An error exists in the function 'ssl3_read_bytes' that
>> could allow data to be injected into other sessions or allow denial of
>> service attacks. Note this issue is only exploitable if
>> 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)
>>
>> - An error exists related to the implementation of the Elliptic Curve
>> Digital Signature Algorithm (ECDSA) that could allow nonce disclosure
>> via the 'FLUSH+RELOAD' cache side-channel attack.
>> (CVE-2014-0076)
>>
>> - A buffer overflow error exists related to invalid DTLS fragment
>> handling that could lead to execution of arbitrary code. Note this
>> issue only affects OpenSSL when used as a DTLS client or server.
>> (CVE-2014-0195)
>>
>> - An error exists in the function 'do_ssl3_write' that could
>> allow a null pointer to be dereferenced leading to denial of service
>> attacks. Note this issue is exploitable only if
>> 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2014-0198)
>>
>> - An error exists related to DTLS handshake handling that could lead
>> to denial of service attacks. Note this issue only affects OpenSSL
>> when used as a DTLS client.
>> (CVE-2014-0221)
>>
>> - An unspecified error exists related to anonymous ECDH ciphersuites
>> that could allow denial of service attacks. Note this issue only
>> affects OpenSSL TLS clients. (CVE-2014-3470)
>>
>> OpenSSL did not release individual patches for these vulnerabilities,
>> instead they were all patched under a single version release. Note
>> that the service will remain vulnerable after patching until the
>> service or host is restarted.
>>
>> See also :
>>
>> http://www.nessus.org/u?d5709faa
>> https://www.imperialviolet.org/2014/06/05/earlyccs.html
>> https://www.openssl.org/news/secadv_20140605.txt
>>
>> Solution :
>>
>> OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to
>> 0.9.8za. OpenSSL 1.0.0 SSL/TLS users (client and/or server) should
>> upgrade to 1.0.0m. OpenSSL 1.0.1 SSL/TLS users (client and/or server)
>> should upgrade to 1.0.1h.
>>
>> CVSS Base Score : 9.3
>> (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
>> CVSS Temporal Score : 8.1
>> (CVSS2#E:ND/RL:OF/RC:C)
>> Public Exploit Available : true
>>
>> Plugin output :
>>
>> The remote service accepted an SSL ChangeCipherSpec message at an
>> incorrect point in the handshake leading to weak keys being used, and
>> then attempted to decrypt an SSL record using those weak keys.
>>
>> CVE : CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198,
>> CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
>> BID : 66363, 66801, 67193, 67898, 67899, 67900, 67901
>> Other references : OSVDB:104810, OSVDB:105763, OSVDB:106531,
>> OSVDB:107729, OSVDB:107730, OSVDB:107731, OSVDB:107732, CERT:978508,
>> IAVA:2014-A-0083
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>
>> IP : 128.111.28.116
>> Name : ilab-116.cs.ucsb.edu
>> Scan Time : Tue Jun 24 14:03:35 2014
>> Service : mdns (5353/udp)
>> Script ID : 12218
>> Synopsis :
>>
>> It is possible to obtain information about the remote host.
>>
>> Description :
>>
>> The remote service understands the Bonjour (also known as ZeroConf or
>> mDNS) protocol, which allows anyone to uncover information from the
>> remote host such as its operating system type and exact version, its
>> hostname, and the list of services it is running.
>>
>> This plugin attempts to discover mDNS used by hosts that are not on
>> the network segment on which Nessus resides.
>>
>> Solution :
>>
>> Filter incoming traffic to UDP port 5353, if desired.
>>
>> CVSS Base Score : 5.0
>> (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
>>
>> Plugin output :
>>
>> Nessus was able to extract the following information :
>>
>> - mDNS hostname : 128.local.
>>
>> - Advertised services :
>> o Service name : 128 [00:21:9b:05:e7:48]._workstation._tcp.local.
>> Port number : 9
>> o Service name : 128._udisks-ssh._tcp.local.
>> Port number : 22
>>
>> - CPU type : I686
>> - OS : LINUX
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
>
>
> _______________________________________________
> Ilab-users mailing list
> Ilab-users at lists.cs.ucsb.edu
> https://lists.cs.ucsb.edu/mailman/listinfo/ilab-users