IBM GSKit 7.x < 7.0.4.45 / 8.0.14.x < 8.0.14.27 TLS Side-Channel Timing Information Disclosure

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote host has a library installed that is affected by an
information disclosure vulnerability.

Description :

The version of IBM Global Security Kit (GSKit) installed on the
remote host is 7.0.x prior to 7.0.4.45 or 8.0.14.x prior to 8.0.14.27.
It is, therefore, affected by an information disclosure vulnerability.
The Transport Layer Security (TLS) protocol does not properly
consider timing side-channel attacks, which allows remote attackers
to conduct distinguishing attacks and plaintext-recovery attacks via
statistical analysis of timing data for crafted packets. This type of
exploitation is known as the 'Lucky Thirteen' attack.

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21638270

Solution :

Upgrade to GSKit 7.0.4.45 / 8.0.14.27 or later.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 2.5
(CVSS2#E:F/RL:ND/RC:ND)
Public Exploit Available : true

Family: General

Nessus Plugin ID: 67231

Bugtraq ID: 57778

CVE ID: CVE-2013-0169
