The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.
Synthesis of the vulnerability 
An attacker can send malicious SSL/TLS messages to applications using IBM GSKit, in order to trigger a denial of service.
Impacted products: Db2 UDB, Domino by IBM, I-Connect, Informix Server, Notes by IBM, Security Directory Server, SPSS Modeler, Tivoli Storage Manager, Tivoli Workload Scheduler.
Severity of this bulletin: 3/4.
Creation date: 20/05/2014.
References of this threat: 1610582, 1671732, 1672724, 1673008, 1673018, 1673666, 1673696, 1674047, 1674824, 1674825, 1681114, 7042179, CVE-2014-0963, VIGILANCE-VUL-14775.
Description of the vulnerability 
The IBM Global Security Kit (GSKit) suite implements SSL/TLS support for several IBM applications.
However, some SSL messages trigger an infinite loop in GSKit.
An attacker can therefore send malicious SSL/TLS messages to applications using IBM GSKit, in order to trigger a denial of service.
This computer vulnerability alert impacts software or systems such as Db2 UDB, Domino by IBM, I-Connect, Informix Server, Notes by IBM, Security Directory Server, SPSS Modeler, Tivoli Storage Manager, Tivoli Workload Scheduler.
Our Vigil@nce team determined that the severity of this computer threat alert is important.
The trust level is "confirmed by the editor", and the origin of the attack is an internet client.
An attacker with expert ability can exploit this security vulnerability.
Solutions for this threat 
IBM DB2: APAR for GSKit.
An APAR is available:
V9.5: IC98853
V9.7 FP9a: IC99474 http://www.ibm.com/support/docview.wss?uid=swg24036646
V9.8: IC99476
V10.1 FP3a: IC99475 http://www.ibm.com/support/docview.wss?uid=swg24035759
V10.1 FP4: IC99475 http://www.ibm.com/support/docview.wss?uid=swg24037466
V10.5 FP3a: IC99477 http://www.ibm.com/support/docview.wss?uid=swg24036705
IBM DB2: version 10.1 Fix Pack 4.
Version 10.1 Fix Pack 4 is fixed.
IBM Informix Client SDK: solution for GSKit.
The solution is indicated in the information sources.
IBM Informix Server: solution for GSKit.
The solution is indicated in the information sources.
IBM Lotus Notes, Domino: patch for Java.
A patch is available:
http://www-01.ibm.com/support/docview.wss?uid=swg24037141
IBM Security Directory Server: patch for GSKit.
A patch is available:
ISDS 6.1.0: 6.1.0.61-ISS-ITDS
ISDS 6.2.0: 6.2.0.36-ISS-ITDS
ISDS 6.3.0: 6.3.0.30-ISS-ITDS
ISDS 6.3.1: 6.3.1.2-ISS-ISDS
IBM SPSS Modeler: patch for GSKit.
A patch is available:
SPSS Modeler 16.0 Interim Fix 13
http://www.ibm.com/support/docview.wss?uid=swg24037537
IBM SPSS Modeler: version 16.0 FP1.
Version 16.0 FP1 is fixed.
IBM Tivoli Storage Manager: fixed versions for GSKit.
Fixed versions are indicated in the information sources.
IBM Tivoli Workload Scheduler: patch for GSKit.
A patch is available:
8.5.1-TIV-TWS-FP0005-IV60577
8.6.0-TIV-TWS-FP0003-IV60577
9.1.0-TIV-TWS-FP0001-IV60577
9.2.0-TIV-TWS-FP0000-IV60577