Security Bulletin: GSKit SSL/TLS Record Length vulnerability in Tivoli Access Manager for e-business (CVE-2012-2191)
IBM PSIRT 270004PFE3 firstname.lastname@example.org | | Tags:  psirtmedium psirtsecurity
0 Comments | 732 Visits
A vulnerability has been identified in the GSKit component utilized by Tivoli Access Manager for e-business (TAM). A specifically crafted malformed SSL/TLS data packet can cause the TAM server component using GSKit to segmentation fault.. Remediation for the issue consists of upgrading affected GSKit 7 versions to version 184.108.40.206 or higher following the instructions at the end of this bulletin.
Affected product(s) & Affected version(s):
All supported Tivoli Access Manager versions are affected if they use GSKit 7.0.x.x builds before and including 220.127.116.11
Refer to the following reference URLs for remediation and additional vulnerability details.