IBM Tivoli Directory Server < / / / with GSKit < / TLS Side-Channel Timing Information Disclosure

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.

Synopsis :

The remote host has a library installed that is affected by an
information disclosure vulnerability.

Description :

The remote host is running a version of IBM Tivoli Directory Server
and a version of IBM Global Security Kit (GSKit) that is affected by
an information disclosure vulnerability. The Transport Layer Security
(TLS) protocol does not properly consider timing side-channel attacks,
which allows remote attackers to conduct distinguishing attacks and
plain-text recovery attacks via statistical analysis of timing data
for crafted packets. This type of exploitation is known as the 'Lucky
Thirteen' attack.

See also :

Solution :

Install the appropriate fix based on the vendor's advisory :


Alternatively, upgrade GSKit to or or later.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 4.1
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 80481 ()

Bugtraq ID: 57778

CVE ID: CVE-2013-0169

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now