Informix Server GSKit 7.x <= 7.0.4.47 / 8.0.50.x <= 8.0.50.13 X.509 Certificate Chain DoS

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote host has an application that is affected by a denial of
service vulnerability.

Description :

The remote Informix server ships with a version of IBM's Global
Security Kit (GSKit) library that is affected by a denial of service
vulnerability. A remote attacker can exploit this issue via a malformed
X.509 certificate chain to cause the host to become unresponsive.

Note that this plugin only checks the version of IBM Informix Server
and GSKit. It does not check for the presence of any workaround.

See also :

https://www-304.ibm.com/support/docview.wss?uid=swg21668664

Solution :

Upgrade the Informix server or apply the correct GSKit patch per the
vendor advisory.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 80476

Bugtraq ID: 65156

CVE ID: CVE-2013-6747
