Security Bulletin: GSKit SSL/TLS Record Length vulnerability in Tivoli Directory Server (CVE-2012-2191)
IBM PSIRT 270004PFE3 email@example.com | | Tags:  psirtmedium psirtsecurity
0 Comments | 1,179 Visits
A vulnerability has been identified in the GSKit component utilized by Tivoli Directory Server (TDS). A specifically crafted malformed SSL/TLS data packet can cause the TDS server using GSKit to segmentation fault.. Remediation for the issue consists of updating GSKit 7 to version 18.104.22.168 or higher, and GSKit 8 to version 22.214.171.124 or higher.
Affected product(s) & Affected version(s): Versions 7.5 through 8.5 of IBM Rational Application Developer using an IBM WebSphere Application Server:
Version 126.96.36.199 through 188.8.131.52
Version 184.108.40.206 through 220.127.116.11
Version 18.104.22.168 (Full Profile only)
Refer to the following reference URLs for remediation and additional vulnerability details.