Security Bulletin: GSKit SSL/TLS Record Length vulnerability in Tivoli Directory Server (CVE-2012-2191)
IBM PSIRT 270004PFE3 firstname.lastname@example.org | | Tags:  psirtmedium psirtsecurity
0 Comments | 1,033 Visits
A vulnerability has been identified in the GSKit component utilized by Tivoli Directory Server (TDS). A specifically crafted malformed SSL/TLS data packet can cause the TDS server using GSKit to segmentation fault.. Remediation for the issue consists of updating GSKit 7 to version 184.108.40.206 or higher, and GSKit 8 to version 220.127.116.11 or higher.
Affected product(s) & Affected version(s): Versions 7.5 through 8.5 of IBM Rational Application Developer using an IBM WebSphere Application Server:
Version 18.104.22.168 through 22.214.171.124
Version 126.96.36.199 through 188.8.131.52
Version 184.108.40.206 (Full Profile only)
Refer to the following reference URLs for remediation and additional vulnerability details.