[SA11783] IBM Multiple Products GSKit Denial of Service Vulnerability

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Mon Jun 07 2004 - 07:10:32 CDT


TITLE:
IBM Multiple Products GSKit Denial of Service Vulnerability

SECUNIA ADVISORY ID:
SA11783

VERIFY ADVISORY:
http://secunia.com/advisories/11783/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
IBM WebSphere MQ 5.x
IBM Tivoli Access Manager for Business Integration 5.x
IBM HTTP Server 1.x
IBM HTTP Server 2.x
IBM Tivoli Access Manager for e-business 3.x
IBM Tivoli Access Manager for e-business 4.x
IBM Tivoli Access Manager for e-business 5.x
IBM Tivoli Directory Server 4.x
IBM Tivoli Directory Server 5.x

DESCRIPTION:
A vulnerability has been discovered in various IBM products, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

The vulnerability is caused by an unspecified error within the
IBM Global Security Toolkit (GSKit) during SSL handshakes. This can
be exploited via specially crafted SSL records to crash the
application or cause a performance degradation.

The IBM GSKit is included in the following products:
* Access Manager for e-business 3.9
* Access Manager for e-business 4.1
* Access Manager for e-business 5.1
* Access Manager for Business Integration 5.1
* IBM Tivoli Directory Server 4.1
* IBM Tivoli Directory Server 5.1
* IBM HTTP Server 1.3.12.x
* IBM HTTP Server 1.3.19.x
* IBM HTTP Server 1.3.26.x
* IBM HTTP Server 1.3.28.x
* IBM HTTP Server 2.0.42.x
* IBM HTTP Server 2.0.47.x
* WebSphere MQ V5.3

SOLUTION:
Fixes are available. See patch matrix at:
http://www-1.ibm.com/support/docview.wss?uid=swg21169222

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
http://www-1.ibm.com/support/docview.wss?uid=swg21170854&rs=260
