connect.pl issue after install openssl ifix on AIX
$ /usr/bin/perl /home/lpar2rrd/lpar2rrd/vmware-lib/apps/connect.pl --version
vSphere SDK for Perl version: 6.0.0
Script 'connect.pl' version: 1.0
$ /usr/bin/perl /home/lpar2rrd/lpar2rrd/vmware-lib/apps/connect.pl --server 9.23.120.15 --username ### --password ###
Connection Successful
Server Time : 2016-05-03T16:56:12.582781Z
$ lslpp -l | grep openssl
openssl.base 0.9.8.2506 COMMITTED Open Secure Socket Layer
openssl.base 0.9.8.2506 COMMITTED Open Secure Socket Layer
$ dump -Tv /usr/lib/libssl.a | grep SSLv2
[291] 0x2000364c .data EXP DS SECdef [noIMid] SSLv2_method
[384] 0x20003bbc .data EXP DS SECdef [noIMid] SSLv2_server_method
[386] 0x20003bd4 .data EXP DS SECdef [noIMid] SSLv2_client_method
[452] 0x20003eec .data EXP DS SECdef [noIMid] SSLv23_method
[454] 0x20003f04 .data EXP DS SECdef [noIMid] SSLv23_server_method
[455] 0x20003f10 .data EXP DS SECdef [noIMid] SSLv23_client_method
[291] 0x2000364c .data EXP DS SECdef [noIMid] SSLv2_method
[384] 0x20003bbc .data EXP DS SECdef [noIMid] SSLv2_server_method
[386] 0x20003bd4 .data EXP DS SECdef [noIMid] SSLv2_client_method
[452] 0x20003eec .data EXP DS SECdef [noIMid] SSLv23_method
[454] 0x20003f04 .data EXP DS SECdef [noIMid] SSLv23_server_method
[455] 0x20003f10 .data EXP DS SECdef [noIMid] SSLv23_client_method
#emgr -l
ID STATE LABEL INSTALL TIME UPDATED BY ABSTRACT
=== ===== ========== ================= ========== ======================================
1 S IV73316s5a 02/29/16 16:18:59 Ifix for IV73316 at AIX 7.1 TL03 SP05.
2 S IV75646m5a 02/29/16 16:19:12 IV75646 for AIX 7.1 TL03 SP05
3 S IV77299s5b 02/29/16 16:19:27 Fix for CVE-2015-4948
4 S IV79943m5a 02/29/16 16:20:01 ifix for IV79943 and IV74261
5 S IV80586s1a 03/31/16 14:18:35 Security vulnerability with libmxl2.a
6 S IV73975s5a 03/31/16 14:18:55 IV73975 for AIX 7.1 TL03 SP05
7 S IV81280m5a 05/02/16 15:55:03 Ifix for IV81280 and IV80189m5a
8 S IV80743m9b 05/02/16 16:49:10 Ifix for OpenSSH CVE
After installing openssl ifix IV80743m9b on AIX
$ /usr/bin/perl /home/lpar2rrd/lpar2rrd/vmware-lib/apps/connect.pl --server 9.23.120.15 --username #### --password ####
Crypt::SSLeay is required for https connections, but could not be loaded: Can't load '/usr/opt/perl5/lib/site_perl/5.10.1/aix-thread-multi/auto/Crypt/SSLeay/SSLeay.so' for module Crypt::SSLeay: Symbol resolution failed for /usr/opt/perl5/lib/site_perl/5.10.1/aix-thread-multi/auto/Crypt/SSLeay/SSLeay.so because:
Symbol SSLv2_client_method (number 59) is not exported from dependent
module /usr/lib/libssl.a(libssl.so.0.9.8).
Could not load module /usr/opt/perl5/lib/site_perl/5.10.1/aix-thread-multi/auto/Crypt/SSLeay/SSLeay.so.
System error: Exec format error
Examine .loader section symbols with the 'dump -Tv' command. at /usr/opt/perl5/lib/5.10.1/aix-thread-multi/DynaLoader.pm line 200.
at /home/lpar2rrd/lpar2rrd/vmware-lib/apps/..//VMware/VICommon.pm line 677
Compilation failed in require at /home/lpar2rrd/lpar2rrd/vmware-lib/apps/..//VMware/VICommon.pm line 677.
$ dump -Tv /usr/lib/libssl.a | grep SSLv2
[415] 0x200036c0 .data EXP DS SECdef [noIMid] SSLv23_method
[417] 0x200036d8 .data EXP DS SECdef [noIMid] SSLv23_server_method
[418] 0x200036e4 .data EXP DS SECdef [noIMid] SSLv23_client_method
[415] 0x200036c0 .data EXP DS SECdef [noIMid] SSLv23_method
[417] 0x200036d8 .data EXP DS SECdef [noIMid] SSLv23_server_method
[418] 0x200036e4 .data EXP DS SECdef [noIMid] SSLv23_client_method
#emgr -l
ID STATE LABEL INSTALL TIME UPDATED BY ABSTRACT
=== ===== ========== ================= ========== ======================================
1 S IV73316s5a 02/29/16 16:18:59 Ifix for IV73316 at AIX 7.1 TL03 SP05.
2 S IV75646m5a 02/29/16 16:19:12 IV75646 for AIX 7.1 TL03 SP05
3 S IV77299s5b 02/29/16 16:19:27 Fix for CVE-2015-4948
4 S IV79943m5a 02/29/16 16:20:01 ifix for IV79943 and IV74261
5 S IV80586s1a 03/31/16 14:18:35 Security vulnerability with libmxl2.a
6 S IV73975s5a 03/31/16 14:18:55 IV73975 for AIX 7.1 TL03 SP05
7 S IV81280m5a 05/02/16 15:55:03 Ifix for IV81280 and IV80189m5a
8 S IV80743m9b 05/02/16 16:49:10 Ifix for OpenSSH CVE
9 S IV83169m9b 05/03/16 13:02:03 OpenSSL CVEs on 0.9.8y
I believe this CVE removed the SSLv2
CVEID: CVE-2016-0800
DESCRIPTION: A cross-protocol attack was discovered that could lead to
decryption of TLS sessions by using a server supporting
SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA
padding oracle. This vulnerability is known as DROWN
Please fix this
vSphere SDK for Perl version: 6.0.0
Script 'connect.pl' version: 1.0
$ /usr/bin/perl /home/lpar2rrd/lpar2rrd/vmware-lib/apps/connect.pl --server 9.23.120.15 --username ### --password ###
Connection Successful
Server Time : 2016-05-03T16:56:12.582781Z
$ lslpp -l | grep openssl
openssl.base 0.9.8.2506 COMMITTED Open Secure Socket Layer
openssl.base 0.9.8.2506 COMMITTED Open Secure Socket Layer
$ dump -Tv /usr/lib/libssl.a | grep SSLv2
[291] 0x2000364c .data EXP DS SECdef [noIMid] SSLv2_method
[384] 0x20003bbc .data EXP DS SECdef [noIMid] SSLv2_server_method
[386] 0x20003bd4 .data EXP DS SECdef [noIMid] SSLv2_client_method
[452] 0x20003eec .data EXP DS SECdef [noIMid] SSLv23_method
[454] 0x20003f04 .data EXP DS SECdef [noIMid] SSLv23_server_method
[455] 0x20003f10 .data EXP DS SECdef [noIMid] SSLv23_client_method
[291] 0x2000364c .data EXP DS SECdef [noIMid] SSLv2_method
[384] 0x20003bbc .data EXP DS SECdef [noIMid] SSLv2_server_method
[386] 0x20003bd4 .data EXP DS SECdef [noIMid] SSLv2_client_method
[452] 0x20003eec .data EXP DS SECdef [noIMid] SSLv23_method
[454] 0x20003f04 .data EXP DS SECdef [noIMid] SSLv23_server_method
[455] 0x20003f10 .data EXP DS SECdef [noIMid] SSLv23_client_method
#emgr -l
ID STATE LABEL INSTALL TIME UPDATED BY ABSTRACT
=== ===== ========== ================= ========== ======================================
1 S IV73316s5a 02/29/16 16:18:59 Ifix for IV73316 at AIX 7.1 TL03 SP05.
2 S IV75646m5a 02/29/16 16:19:12 IV75646 for AIX 7.1 TL03 SP05
3 S IV77299s5b 02/29/16 16:19:27 Fix for CVE-2015-4948
4 S IV79943m5a 02/29/16 16:20:01 ifix for IV79943 and IV74261
5 S IV80586s1a 03/31/16 14:18:35 Security vulnerability with libmxl2.a
6 S IV73975s5a 03/31/16 14:18:55 IV73975 for AIX 7.1 TL03 SP05
7 S IV81280m5a 05/02/16 15:55:03 Ifix for IV81280 and IV80189m5a
8 S IV80743m9b 05/02/16 16:49:10 Ifix for OpenSSH CVE
After installing openssl ifix IV80743m9b on AIX
$ /usr/bin/perl /home/lpar2rrd/lpar2rrd/vmware-lib/apps/connect.pl --server 9.23.120.15 --username #### --password ####
Crypt::SSLeay is required for https connections, but could not be loaded: Can't load '/usr/opt/perl5/lib/site_perl/5.10.1/aix-thread-multi/auto/Crypt/SSLeay/SSLeay.so' for module Crypt::SSLeay: Symbol resolution failed for /usr/opt/perl5/lib/site_perl/5.10.1/aix-thread-multi/auto/Crypt/SSLeay/SSLeay.so because:
Symbol SSLv2_client_method (number 59) is not exported from dependent
module /usr/lib/libssl.a(libssl.so.0.9.8).
Could not load module /usr/opt/perl5/lib/site_perl/5.10.1/aix-thread-multi/auto/Crypt/SSLeay/SSLeay.so.
System error: Exec format error
Examine .loader section symbols with the 'dump -Tv' command. at /usr/opt/perl5/lib/5.10.1/aix-thread-multi/DynaLoader.pm line 200.
at /home/lpar2rrd/lpar2rrd/vmware-lib/apps/..//VMware/VICommon.pm line 677
Compilation failed in require at /home/lpar2rrd/lpar2rrd/vmware-lib/apps/..//VMware/VICommon.pm line 677.
$ dump -Tv /usr/lib/libssl.a | grep SSLv2
[415] 0x200036c0 .data EXP DS SECdef [noIMid] SSLv23_method
[417] 0x200036d8 .data EXP DS SECdef [noIMid] SSLv23_server_method
[418] 0x200036e4 .data EXP DS SECdef [noIMid] SSLv23_client_method
[415] 0x200036c0 .data EXP DS SECdef [noIMid] SSLv23_method
[417] 0x200036d8 .data EXP DS SECdef [noIMid] SSLv23_server_method
[418] 0x200036e4 .data EXP DS SECdef [noIMid] SSLv23_client_method
#emgr -l
ID STATE LABEL INSTALL TIME UPDATED BY ABSTRACT
=== ===== ========== ================= ========== ======================================
1 S IV73316s5a 02/29/16 16:18:59 Ifix for IV73316 at AIX 7.1 TL03 SP05.
2 S IV75646m5a 02/29/16 16:19:12 IV75646 for AIX 7.1 TL03 SP05
3 S IV77299s5b 02/29/16 16:19:27 Fix for CVE-2015-4948
4 S IV79943m5a 02/29/16 16:20:01 ifix for IV79943 and IV74261
5 S IV80586s1a 03/31/16 14:18:35 Security vulnerability with libmxl2.a
6 S IV73975s5a 03/31/16 14:18:55 IV73975 for AIX 7.1 TL03 SP05
7 S IV81280m5a 05/02/16 15:55:03 Ifix for IV81280 and IV80189m5a
8 S IV80743m9b 05/02/16 16:49:10 Ifix for OpenSSH CVE
9 S IV83169m9b 05/03/16 13:02:03 OpenSSL CVEs on 0.9.8y
I believe this CVE removed the SSLv2
CVEID: CVE-2016-0800
DESCRIPTION: A cross-protocol attack was discovered that could lead to
decryption of TLS sessions by using a server supporting
SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA
padding oracle. This vulnerability is known as DROWN
Please fix this
Comments
-
Hi,
do you have installed Perl-Crypt-SSLeay?
Install manual says ( http://www.lpar2rrd.com/install.htm --> VMware ) :
AIX potential issue
If connect.pl is reporting problems with Crypt::SSLeay then install Perl-Crypt-SSLeay
# rpm -Uvh perl-Crypt-SSLeay-0.57-2.aix6.1.ppc.rpm
Looks like it has not been necessary before the apar installation.
Cheers,
Pavel -
The issue here is the AIX deprecated the SSLv2 after installing the ifix. Unless the connect.pl is switched to use TLS.
-
ok, that explains that, thanks.
Howdy, Stranger!
Categories
- 1.6K All Categories
- 48 XORMON NG
- 25 XORMON
- 153 LPAR2RRD
- 13 VMware
- 16 IBM i
- 2 oVirt / RHV
- 4 MS Windows and Hyper-V
- Solaris / OracleVM
- XenServer / Citrix
- Nutanix
- 7 Database
- 2 Cloud
- 10 Kubernetes / OpenShift / Docker
- 124 STOR2RRD
- 19 SAN
- 7 LAN
- 17 IBM
- 3 EMC
- 12 Hitachi
- 5 NetApp
- 15 HPE
- Lenovo
- 1 Huawei
- 2 Dell
- Fujitsu
- 2 DataCore
- INFINIDAT
- 3 Pure Storage
- Oracle