connect.pl issue after installing openssl ifix on AIX

$ /usr/bin/perl /home/lpar2rrd/lpar2rrd/vmware-lib/apps/connect.pl --version
vSphere SDK for Perl version: 6.0.0
Script 'connect.pl' version: 1.0
$ /usr/bin/perl /home/lpar2rrd/lpar2rrd/vmware-lib/apps/connect.pl --server 9.23.120.15 --username ### --password ###

Connection Successful
Server Time : 2016-05-03T16:56:12.582781Z
$ lslpp -l | grep openssl
openssl.base 0.9.8.2506 COMMITTED Open Secure Socket Layer
openssl.base 0.9.8.2506 COMMITTED Open Secure Socket Layer
$ dump -Tv /usr/lib/libssl.a | grep SSLv2
[291] 0x2000364c .data EXP DS SECdef [noIMid] SSLv2_method
[384] 0x20003bbc .data EXP DS SECdef [noIMid] SSLv2_server_method
[386] 0x20003bd4 .data EXP DS SECdef [noIMid] SSLv2_client_method
[452] 0x20003eec .data EXP DS SECdef [noIMid] SSLv23_method
[454] 0x20003f04 .data EXP DS SECdef [noIMid] SSLv23_server_method
[455] 0x20003f10 .data EXP DS SECdef [noIMid] SSLv23_client_method
[291] 0x2000364c .data EXP DS SECdef [noIMid] SSLv2_method
[384] 0x20003bbc .data EXP DS SECdef [noIMid] SSLv2_server_method
[386] 0x20003bd4 .data EXP DS SECdef [noIMid] SSLv2_client_method
[452] 0x20003eec .data EXP DS SECdef [noIMid] SSLv23_method
[454] 0x20003f04 .data EXP DS SECdef [noIMid] SSLv23_server_method
[455] 0x20003f10 .data EXP DS SECdef [noIMid] SSLv23_client_method

#emgr -l

ID STATE LABEL INSTALL TIME UPDATED BY ABSTRACT
=== ===== ========== ================= ========== ======================================
1 S IV73316s5a 02/29/16 16:18:59 Ifix for IV73316 at AIX 7.1 TL03 SP05.
2 S IV75646m5a 02/29/16 16:19:12 IV75646 for AIX 7.1 TL03 SP05
3 S IV77299s5b 02/29/16 16:19:27 Fix for CVE-2015-4948
4 S IV79943m5a 02/29/16 16:20:01 ifix for IV79943 and IV74261
5 S IV80586s1a 03/31/16 14:18:35 Security vulnerability with libmxl2.a
6 S IV73975s5a 03/31/16 14:18:55 IV73975 for AIX 7.1 TL03 SP05
7 S IV81280m5a 05/02/16 15:55:03 Ifix for IV81280 and IV80189m5a
8 S IV80743m9b 05/02/16 16:49:10 Ifix for OpenSSH CVE





After installing openssl ifix IV80743m9b on AIX

$ /usr/bin/perl /home/lpar2rrd/lpar2rrd/vmware-lib/apps/connect.pl --server 9.23.120.15 --username #### --password ####
Crypt::SSLeay is required for https connections, but could not be loaded: Can't load '/usr/opt/perl5/lib/site_perl/5.10.1/aix-thread-multi/auto/Crypt/SSLeay/SSLeay.so' for module Crypt::SSLeay: Symbol resolution failed for /usr/opt/perl5/lib/site_perl/5.10.1/aix-thread-multi/auto/Crypt/SSLeay/SSLeay.so because:
Symbol SSLv2_client_method (number 59) is not exported from dependent
module /usr/lib/libssl.a(libssl.so.0.9.8).
Could not load module /usr/opt/perl5/lib/site_perl/5.10.1/aix-thread-multi/auto/Crypt/SSLeay/SSLeay.so.
System error: Exec format error
Examine .loader section symbols with the 'dump -Tv' command. at /usr/opt/perl5/lib/5.10.1/aix-thread-multi/DynaLoader.pm line 200.
at /home/lpar2rrd/lpar2rrd/vmware-lib/apps/..//VMware/VICommon.pm line 677
Compilation failed in require at /home/lpar2rrd/lpar2rrd/vmware-lib/apps/..//VMware/VICommon.pm line 677.

$ dump -Tv /usr/lib/libssl.a | grep SSLv2
[415] 0x200036c0 .data EXP DS SECdef [noIMid] SSLv23_method
[417] 0x200036d8 .data EXP DS SECdef [noIMid] SSLv23_server_method
[418] 0x200036e4 .data EXP DS SECdef [noIMid] SSLv23_client_method
[415] 0x200036c0 .data EXP DS SECdef [noIMid] SSLv23_method
[417] 0x200036d8 .data EXP DS SECdef [noIMid] SSLv23_server_method
[418] 0x200036e4 .data EXP DS SECdef [noIMid] SSLv23_client_method


#emgr -l

ID STATE LABEL INSTALL TIME UPDATED BY ABSTRACT
=== ===== ========== ================= ========== ======================================
1 S IV73316s5a 02/29/16 16:18:59 Ifix for IV73316 at AIX 7.1 TL03 SP05.
2 S IV75646m5a 02/29/16 16:19:12 IV75646 for AIX 7.1 TL03 SP05
3 S IV77299s5b 02/29/16 16:19:27 Fix for CVE-2015-4948
4 S IV79943m5a 02/29/16 16:20:01 ifix for IV79943 and IV74261
5 S IV80586s1a 03/31/16 14:18:35 Security vulnerability with libmxl2.a
6 S IV73975s5a 03/31/16 14:18:55 IV73975 for AIX 7.1 TL03 SP05
7 S IV81280m5a 05/02/16 15:55:03 Ifix for IV81280 and IV80189m5a
8 S IV80743m9b 05/02/16 16:49:10 Ifix for OpenSSH CVE
9 S IV83169m9b 05/03/16 13:02:03 OpenSSL CVEs on 0.9.8y

I believe this CVE removed SSLv2:
CVEID: CVE-2016-0800
DESCRIPTION: A cross-protocol attack was discovered that could lead to
decryption of TLS sessions by using a server supporting
SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA
padding oracle. This vulnerability is known as DROWN


Please fix this
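
Added example (not part of the original post and not LPAR2RRD code): a small script that takes the symbol named in the loader error and checks it by exact name against the `dump -Tv` export list. The post's `grep SSLv2` also matches the `SSLv23_*` entries, so a non-empty result does not show that SSLv2 is still exported. The function names are hypothetical and the sample lines are copied from the post.

```shell
#!/bin/sh
# Added example. Loader-section lines below are copied from the post
# (a subset, de-duplicated); function names are hypothetical.
DUMP_BEFORE='[386] 0x20003bd4 .data EXP DS SECdef [noIMid] SSLv2_client_method
[455] 0x20003f10 .data EXP DS SECdef [noIMid] SSLv23_client_method'
DUMP_AFTER='[415] 0x200036c0 .data EXP DS SECdef [noIMid] SSLv23_method
[417] 0x200036d8 .data EXP DS SECdef [noIMid] SSLv23_server_method
[418] 0x200036e4 .data EXP DS SECdef [noIMid] SSLv23_client_method'
LOADER_ERR='Symbol SSLv2_client_method (number 59) is not exported from dependent'

# Print the unique names of exported (EXP) symbols from `dump -Tv` text
# on stdin. Column 4 is the IMP/EXP flag; the name is the last field.
exported_symbols() {
    awk '$4 == "EXP" { print $NF }' | sort -u
}

# Pull the symbol name out of an AIX loader "is not exported" message.
symbol_from_loader_error() {
    sed -n 's/^Symbol \([A-Za-z0-9_]*\) (number [0-9]*) is not exported.*/\1/p'
}

# missing_exports DUMP_TEXT SYMBOL...
# Print every SYMBOL that is absent from the export list. -x -F forces a
# whole-line literal match, so SSLv23_client_method cannot satisfy a
# lookup for SSLv2_client_method.
missing_exports() {
    dump_text=$1
    shift
    exports=$(printf '%s\n' "$dump_text" | exported_symbols)
    for sym in "$@"; do
        printf '%s\n' "$exports" | grep -qxF -- "$sym" || printf '%s\n' "$sym"
    done
}

sym=$(printf '%s\n' "$LOADER_ERR" | symbol_from_loader_error)
echo "before ifix, missing: $(missing_exports "$DUMP_BEFORE" "$sym")"
echo "after ifix,  missing: $(missing_exports "$DUMP_AFTER" "$sym")"
# On the AIX host itself, feed the live export list instead:
#   missing_exports "$(dump -Tv /usr/lib/libssl.a)" SSLv2_client_method
```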

Comments

  • Hi,

    Do you have Perl-Crypt-SSLeay installed?
    The install manual says (http://www.lpar2rrd.com/install.htm --> VMware):

    AIX potential issue
    If connect.pl is reporting problems with Crypt::SSLeay then install Perl-Crypt-SSLeay
    # rpm -Uvh perl-Crypt-SSLeay-0.57-2.aix6.1.ppc.rpm

    Looks like it was not necessary before the APAR installation.

    Cheers,
    Pavel
  • The issue here is that AIX deprecated SSLv2 after installing the ifix. Unless connect.pl is switched to use TLS.
  • OK, that explains that, thanks.