IBM Tivoli Directory Server < 184.108.40.206 / 220.127.116.11 / 18.104.22.168 with GSKit < 22.214.171.124 / 126.96.36.199 X.509 Certificate Chain DoS
High Nessus Plugin ID 72220
Synopsis
The version of IBM Tivoli Directory Server and GSKit is affected by a denial of service vulnerability.
Description
The remote host is running a version of IBM Tivoli Directory Server 6.1.0.x prior to 188.8.131.52, 6.2.0 prior to 184.108.40.206, or 6.3.0.x prior to 220.127.116.11, and a version of IBM Global Security Kit (GSKit) 7.0.x prior to 18.104.22.168 or 8.0.50.x prior to 22.214.171.124. It is, therefore, affected by a denial of service vulnerability due to a flaw in the GSKit library. An attacker can exploit this vulnerability via a malformed X.509 certificate chain to cause an application crash or hang.
Solution
Install the appropriate fix based on the vendor's advisory:
Alternatively, upgrade GSKit to 126.96.36.199 or 188.8.131.52.