IBM Tivoli Directory Server < 188.8.131.52 / 184.108.40.206 / 220.127.116.11 with GSKit < 18.104.22.168 / 22.214.171.124 X.509 Certificate Chain DoS
High Nessus Plugin ID 72220
Synopsis
The version of IBM Tivoli Directory Server and GSKit is affected by a denial of service vulnerability.
Description
The remote host is running a version of IBM Tivoli Directory Server 6.1.0.x prior to 126.96.36.199, 6.2.0 prior to 188.8.131.52, or 6.3.0.x prior to 184.108.40.206, and a version of IBM Global Security Kit (GSKit) 7.0.x prior to 220.127.116.11 or 8.0.50.x prior to 18.104.22.168. It is, therefore, affected by a denial of service vulnerability due to a flaw in the GSKit library. An attacker can exploit this vulnerability via a malformed X.509 certificate chain to cause an application crash or hang.
Solution
Install the appropriate fix based on the vendor's advisory:
Alternatively, upgrade GSKit to 22.214.171.124 or 126.96.36.199.