Security Bulletin: GSKit SSL/TLS Record Length vulnerability in Tivoli Directory Server (CVE-2012-2191)
IBM PSIRT 270004PFE3 firstname.lastname@example.org | | Tags:  psirtmedium psirtsecurity
0 Comments | 1,041 Visits
A vulnerability has been identified in the GSKit component utilized by Tivoli Directory Server (TDS). A specifically crafted malformed SSL/TLS data packet can cause the TDS server using GSKit to segmentation fault.. Remediation for the issue consists of updating GSKit 7 to version 22.214.171.124 or higher, and GSKit 8 to version 126.96.36.199 or higher.
Affected product(s) & Affected version(s): Versions 7.5 through 8.5 of IBM Rational Application Developer using an IBM WebSphere Application Server:
Version 188.8.131.52 through 184.108.40.206
Version 220.127.116.11 through 18.104.22.168
Version 22.214.171.124 (Full Profile only)
Refer to the following reference URLs for remediation and additional vulnerability details.