Security Bulletin: GSKit SSL/TLS Record Length vulnerability in Tivoli Directory Server (CVE-2012-2191)
IBM PSIRT 270004PFE3 email@example.com | | Tags:  psirtmedium psirtsecurity
0 Comments | 1,059 Visits
A vulnerability has been identified in the GSKit component utilized by Tivoli Directory Server (TDS). A specifically crafted malformed SSL/TLS data packet can cause the TDS server using GSKit to segmentation fault.. Remediation for the issue consists of updating GSKit 7 to version 188.8.131.52 or higher, and GSKit 8 to version 184.108.40.206 or higher.
Affected product(s) & Affected version(s): Versions 7.5 through 8.5 of IBM Rational Application Developer using an IBM WebSphere Application Server:
Version 220.127.116.11 through 18.104.22.168
Version 22.214.171.124 through 126.96.36.199
Version 188.8.131.52 (Full Profile only)
Refer to the following reference URLs for remediation and additional vulnerability details.