IBM Global Security Kit 7 < 7.0.4.50 / 8.0.14.x < 8.0.14.43 / 8.0.50.x < 8.0.50.20 Multiple Vulnerabilities

low Nessus Plugin ID 74287

Synopsis

The remote Windows host has a library installed that is affected by multiple vulnerabilities.

Description

The remote Windows host has a version of IBM Global Security Kit prior to 7.0.4.50 / 8.0.14.43 / 8.0.50.20. It is, therefore, affected by the following vulnerabilities :

- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)

- A denial of service vulnerability exists which an attacker can exploit by sending a specially crafted SSL request to cause the host to become unresponsive.
(CVE-2014-0963)

Solution

Apply GSKit 7.0.4.50 / 8.0.14.43 / 8.0.50.20 or later or apply the appropriate patch referenced in the advisory.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg21672189

http://www-01.ibm.com/support/docview.wss?uid=swg21672950

https://www-304.ibm.com/support/docview.wss?uid=swg21672843

http://www-01.ibm.com/support/docview.wss?uid=swg21671919

http://www-01.ibm.com/support/docview.wss?uid=swg21673521

http://www-01.ibm.com/support/docview.wss?uid=swg21673682

http://www-01.ibm.com/support/docview.wss?uid=swg21672192

https://www-304.ibm.com/support/docview.wss?uid=swg21673749

https://www-304.ibm.com/support/docview.wss?uid=swg21673745

http://www-01.ibm.com/support/docview.wss?uid=swg21673418

http://www-01.ibm.com/support/docview.wss?uid=swg21671732

http://www-01.ibm.com/support/docview.wss?uid=swg21673282

https://www-304.ibm.com/support/docview.wss?uid=swg21673259

http://www-01.ibm.com/support/docview.wss?uid=swg21673696

http://www-01.ibm.com/support/docview.wss?uid=swg21673245

https://www-304.ibm.com/support/docview.wss?uid=swg21673689

http://www-01.ibm.com/support/docview.wss?uid=swg21673600

http://www-01.ibm.com/support/docview.wss?uid=swg21672869

http://www-01.ibm.com/support/docview.wss?uid=swg21673717

https://www-304.ibm.com/support/docview.wss?uid=swg21673666

https://www-304.ibm.com/support/docview.wss?uid=swg21673008

http://www-01.ibm.com/support/docview.wss?uid=swg21672724

http://www-01.ibm.com/support/docview.wss?uid=swg21673040

Plugin Details

Severity: Low

ID: 74287

File Name: ibm_gskit_8_0_50_20.nasl

Version: 1.6

Type: local

Agent: windows

Family: Windows

Published: 6/3/2014

Updated: 11/26/2019

Configuration: Enable paranoid mode

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 1.9

Temporal Score: 1.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2014-0076

Vulnerability Information

CPE: cpe:/a:ibm:global_security_kit

Required KB Items: Settings/ParanoidReport, installed_sw/IBM GSKit

Exploit Ease: No known exploits are available

Patch Publication Date: 5/1/2014

Vulnerability Publication Date: 2/24/2014

Reference Information

CVE: CVE-2014-0076, CVE-2014-0963

BID: 66363, 67238