Please check your Avaya Multimedia Messaging (AMM) server version first.
$cd /etc
[admin@ucamm etc]$ cat system-release
Enterprise Linux Server release 6.6 ()
[admin@ucamm etc]$ cat ucapp-system-version.txt
SYSTEM_VERSION=3.0.0.0.6
SYSTEM_PATCH_LEVEL=0
[admin@ucamm etc]$ uname -a
Linux ucamm.uclab.com 2.6.32-642.4.2.el6.x86_64 #1 SMP Mon Aug 15 02:06:41 EDT 2016 x86_64 x86_64 x86_64 GNU/Linux
$cat /opt/Avaya/MultimediaMessaging/3.0.0.0.3345/CAS/3.0.0.0.3345/config/install.properties
CVE-2008-5161----------- AMM 3.0 should resolve this issue.
Description: Error handling in the SSH protocol when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
CVE-2013-2566 (same as CVE-2015-2808)----------- AMM 3.0 should resolve this issue.
Description: The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of cipher text in a large number of sessions that use the same plaintext.
Resolution: One solution is to switch over to AES-CBC mode (with fixes applied for BEAST and other related vulnerabilities) or to use TLS 1.1+.
CVE-2015-2808: You can check which SSL/TLS protocol versions AMM accepts with the following commands. SSLv2 is refused (write:errno=104 is a connection reset, so no SSLv2 handshake took place):
[admin@ucamm ~]$ sudo openssl s_client -connect 127.0.0.1:8443 -ssl2
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 39 bytes
---
New, (NONE), Cipher is (NONE)
You can use the following command to check whether AMM still accepts SSLv3 ciphers:
[root@wevaal3h0486j4d ~]# sudo openssl s_client -connect 127.0.0.1:8443 -ssl3
Without forcing a protocol version, AMM negotiates the safe TLSv1.2:
[admin@ucamm ~]$ sudo openssl s_client -connect 127.0.0.1:8443
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
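The s_client checks above can be run for every legacy protocol in one go. The script below is an added example, not code from the original note or from Avaya: it classifies each s_client transcript as accepted, refused or inconclusive, extracts the negotiated cipher, and flags suites from the RC4 (CVE-2013-2566 / CVE-2015-2808) and DES/3DES (CVE-2016-2183) families. The host:port argument, the protocol flags probed and the three sample transcripts are assumptions or constructed (the samples are modelled on the output quoted in the note).

```shell
#!/bin/sh
# Added example, not code from the original note or from Avaya.
# Runs the `openssl s_client` protocol probes shown above for each legacy
# protocol flag, classifies each transcript, and flags negotiated ciphers
# from the RC4 (CVE-2013-2566 / CVE-2015-2808) and DES/3DES (CVE-2016-2183)
# families. The host:port argument and the sample transcripts are constructed.

# Print the cipher from the "Cipher : NAME" line of an s_client transcript
# (empty if the server never completed a handshake).
negotiated_cipher() {
    printf '%s\n' "$1" \
        | sed -n 's/^[[:space:]]*Cipher[[:space:]]*:[[:space:]]*//p' | head -n 1
}

# Exit status: 0 = handshake completed, so the server accepts the protocol;
# 1 = the server refused it; 2 = the local openssl cannot speak it, so the
# probe says nothing about the server (newer builds drop -ssl2/-ssl3 entirely).
classify_s_client_output() {
    local cipher
    if printf '%s\n' "$1" | grep -Eqi 'unknown option|unrecognized option'; then
        return 2
    fi
    # A refused protocol ends with "Cipher is (NONE)" and, in the
    # SSL-Session block, "Cipher : 0000".
    if printf '%s\n' "$1" | grep -q 'Cipher is (NONE)'; then
        return 1
    fi
    cipher=$(negotiated_cipher "$1")
    case "$cipher" in
        ''|0000) return 1 ;;
        *)       return 0 ;;
    esac
}

# Exit status 0 if the negotiated TLS cipher uses RC4 or a 64-bit block cipher
# (DES/3DES appears as DES-CBC-* / DES-CBC3-*, IDEA as IDEA-CBC-* in OpenSSL names).
is_weak_tls_cipher() {
    case "$1" in
        *RC4*|*DES*|*IDEA*) return 0 ;;
        *) return 1 ;;
    esac
}

# Probe one protocol flag against host:port and print a one-line verdict.
probe_protocol() {
    local target="$1" flag="$2" out rc=0 cipher
    command -v openssl >/dev/null 2>&1 || { echo "openssl not found" >&2; return 2; }
    out=$(echo | openssl s_client -connect "$target" "$flag" 2>&1) || true
    classify_s_client_output "$out" || rc=$?
    case "$rc" in
        0)
            cipher=$(negotiated_cipher "$out")
            if is_weak_tls_cipher "$cipher"; then
                printf '%-8s ACCEPTED with weak cipher %s\n' "$flag" "$cipher"
            else
                printf '%-8s accepted, cipher %s\n' "$flag" "$cipher"
            fi ;;
        1) printf '%-8s refused\n' "$flag" ;;
        *) printf '%-8s inconclusive: local openssl lacks this protocol\n' "$flag" ;;
    esac
}

# Constructed sample transcripts, modelled on the output quoted in the note.
SAMPLE_REFUSED='CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)'

SAMPLE_ACCEPTED='CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256'

SAMPLE_UNSUPPORTED='s_client: Unknown option: -ssl2'

# Usage on the AMM host: sh tls_probe.sh 127.0.0.1:8443
if [ -n "${1:-}" ]; then
    for flag in -ssl2 -ssl3 -tls1 -tls1_1 -tls1_2; do
        probe_protocol "$1" "$flag"
    done
fi
```

The "inconclusive" verdict matters: an openssl built without SSLv2/SSLv3 cannot prove that the server refuses them, so a failed probe from such a build is not evidence of a hardened server, and the check has to be repeated with a client that still speaks those versions.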
CVE-2015-5600----------- AMM 3.0 should resolve this issue.
Description: It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks.
Resolution: Install Red Hat Security Errata by downloading and installing rpm packages on AMM.
You can check the installed OpenSSH rpm packages and their versions on AMM:
[admin@ucamm ~]$ rpm -qa openssh*
openssh-server-5.3p1-118.1.el6_8.x86_64
openssh-5.3p1-118.1.el6_8.x86_64
openssh-clients-5.3p1-118.1.el6_8.x86_64
[admin@ucamm ~]$ rpm -ql openssh-server-5.3p1-118.1.el6_8.x86_64
/etc/pam.d/ssh-keycat
/etc/pam.d/sshd
/etc/rc.d/init.d/sshd
…
CVE-2016-2107----------- AMM 3.0 should resolve this issue.
Description: It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle.
Resolution: Install Red Hat Security Errata by downloading and installing rpm packages on AMM.
[admin@ucamm ~]$ sudo rpm -qa openssl*
[sudo] password for admin:
openssl-1.0.1e-48.el6_8.1.x86_64
openssl098e-0.9.8e-20.el6_7.1.x86_64
[admin@ucamm ~]$ rpm -ql openssl-1.0.1e-48.el6_8.1.x86_64
/etc/pki/CA
/etc/pki/CA/certs
/etc/pki/CA/crl
/etc/pki/CA/newcerts
…
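The package versions listed above do not by themselves show which CVEs an erratum covered. On Red Hat Enterprise Linux the package changelog, printed by `rpm -q --changelog <package>`, names the CVE ids each erratum fixed, so the id can be looked up there for both the OpenSSH (CVE-2015-5600) and OpenSSL (CVE-2016-2107) cases. The script below is an added example, not code from the original note or from Avaya; only the `rpm` invocation is real, and the changelog excerpt is constructed.

```shell
#!/bin/sh
# Added example, not code from the original note or from Avaya.
# A package version alone does not say which CVEs its errata fixed; on RHEL the
# package changelog printed by `rpm -q --changelog <pkg>` lists the CVE ids, so
# the check is to look the id up there. The sample changelog below is constructed.

# Exit status 0 if the changelog text names the CVE id as a whole token.
changelog_mentions_cve() {
    # -w stops CVE-2016-2107 from matching a longer id such as CVE-2016-21070.
    printf '%s\n' "$1" | grep -qw -- "$2"
}

# Live check against the installed RPM database: prints a verdict line and
# exits 0 if the CVE is listed, 1 if it is not (or the package is absent).
rpm_fixes_cve() {
    local pkg="$1" cve="$2" log
    log=$(rpm -q --changelog "$pkg" 2>/dev/null) || log=''
    if changelog_mentions_cve "$log" "$cve"; then
        printf '%s: %s found in changelog (erratum applied)\n' "$pkg" "$cve"
    else
        printf '%s: %s NOT found in changelog, check the erratum\n' "$pkg" "$cve"
        return 1
    fi
}

# Constructed excerpt in the shape of a RHEL changelog entry (not a real one).
SAMPLE_CHANGELOG='* Mon Jan 01 2016 Example Maintainer <maint@example.invalid> 1.0.1e-48.el6_8.1
- fix CVE-2016-2107 - padding oracle in AES-NI CBC MAC check
- fix CVE-YYYY-NNNN - placeholder for an unrelated fix'

# Usage on the AMM host: sh rpm_cve_check.sh openssl CVE-2016-2107
#                        sh rpm_cve_check.sh openssh-server CVE-2015-5600
if [ $# -eq 2 ]; then
    rpm_fixes_cve "$1" "$2"
fi
```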
CVE-2016-2183 (same as CVE-2016-6329)----------- AMM 3.0 should resolve this issue.
Description: SWEET32: Birthday attacks against TLS ciphers with 64-bit block size (CVE-2016-2183). A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.
Resolution: This flaw does not directly affect any cryptographic libraries (OpenSSL, NSS and GnuTLS) in Red Hat Enterprise Linux 5, 6 and 7, since there are several stronger ciphersuites, which are placed higher than 3DES in the default cipher list configurations.
You can check the SSH ciphers configured on AMM with the following command:
[admin@ucamm ~]$ sudo sshd -T|grep ciphers
[sudo] password for admin:
ciphers aes128-ctr,aes192-ctr,aes256-ctr
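The `sshd -T` output can be checked automatically rather than read by eye. The script below is an added example, not code from the original note or from Avaya: it parses the effective cipher list and flags the SSH-side weak families discussed on this page, namely CBC-mode ciphers (CVE-2008-5161), 3des-cbc (the 64-bit block cipher behind the SWEET32 finding) and arcfour, the SSH name for RC4. The two sample `sshd -T` excerpts are constructed, one matching the hardened list quoted above and one in the shape of an older default.

```shell
#!/bin/sh
# Added example, not code from the original note or from Avaya.
# Audits the effective sshd configuration that `sshd -T` prints (as shown
# above) for weak cipher families: CBC-mode ciphers (CVE-2008-5161), 3des-cbc
# (64-bit block, the SSH counterpart of the SWEET32 finding) and arcfour/RC4.
# The two sample `sshd -T` excerpts below are constructed.

# Print the ciphers of a "ciphers a,b,c" line, one per line.
split_ciphers() {
    printf '%s\n' "$1" | sed -n 's/^ciphers[[:space:]]*//p' | tr ',' '\n'
}

# Exit status 0 if the cipher name belongs to a weak family, 1 if acceptable.
# CTR and AEAD modes (aes*-ctr, aes*-gcm@openssh.com, chacha20-poly1305@openssh.com)
# are not flagged.
is_weak_ssh_cipher() {
    case "$1" in
        *-cbc|*-cbc@*|3des*|arcfour*) return 0 ;;
        *) return 1 ;;
    esac
}

# Given full `sshd -T` output, print each weak cipher on its own line.
# Exit status 0 if at least one weak cipher is configured, 1 if the list is clean.
weak_ciphers_in_sshd_config() {
    local line c found=1
    line=$(printf '%s\n' "$1" | grep '^ciphers ' | head -n 1)
    for c in $(split_ciphers "$line"); do
        if is_weak_ssh_cipher "$c"; then
            printf '%s\n' "$c"
            found=0
        fi
    done
    return $found
}

# Constructed samples: the hardened list quoted in the note, and a legacy
# list of the shape an older default produces.
SAMPLE_SSHD_T_HARDENED='port 22
ciphers aes128-ctr,aes192-ctr,aes256-ctr
macs hmac-sha2-256,hmac-sha2-512'

SAMPLE_SSHD_T_LEGACY='port 22
ciphers aes128-ctr,aes128-cbc,3des-cbc,arcfour,aes256-ctr
macs hmac-sha1'

# Live use on the host (sshd -T needs root): sh sshd_cipher_audit.sh --live
if [ "${1:-}" = "--live" ]; then
    if weak_ciphers_in_sshd_config "$(sshd -T 2>/dev/null)"; then
        echo "weak SSH ciphers configured" >&2
        exit 1
    fi
    echo "sshd cipher list is clean"
fi
```

Run it with `sudo` for the live mode, since `sshd -T` reads the host keys. A non-zero exit in live mode means at least one weak cipher is still in the effective configuration, which is the condition under which the AMM upgrade advice below applies.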
So please upgrade your AMM to the latest version, AMM 3.2, if your AMM version is lower and still has unresolved flaws.