IBM Global Security Kit 7 < 7.0.4.50 / 8.0.14.x < 8.0.14.43 / 8.0.50.x < 8.0.50.20 Multiple Vulnerabilities (Linux)

High Nessus Plugin ID 74288

Synopsis

The remote Linux host has a library installed that is affected by multiple vulnerabilities.

Description

The remote Linux host has a version of IBM Global Security Kit prior to 7.0.4.50 / 8.0.14.43 / 8.0.50.20. It is, therefore, affected by the following vulnerabilities :

- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)

- A denial of service vulnerability exists which an attacker can exploit by sending a specially crafted SSL request to cause the host to become unresponsive.
(CVE-2014-0963)

Solution

Apply GSKit 7.0.4.50 / 8.0.14.43 / 8.0.50.20 or later or apply the appropriate patch referenced in the advisory.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg21672189

http://www-01.ibm.com/support/docview.wss?uid=swg21672950

https://www-304.ibm.com/support/docview.wss?uid=swg21672843

http://www-01.ibm.com/support/docview.wss?uid=swg21671919

http://www-01.ibm.com/support/docview.wss?uid=swg21673521

https://www-304.ibm.com/support/docview.wss?uid=swg21672843

http://www-01.ibm.com/support/docview.wss?uid=swg21673682

http://www-01.ibm.com/support/docview.wss?uid=swg21672192

https://www-304.ibm.com/support/docview.wss?uid=swg21673749

https://www-304.ibm.com/support/docview.wss?uid=swg21673745

http://www-01.ibm.com/support/docview.wss?uid=swg21673418

http://www-01.ibm.com/support/docview.wss?uid=swg21671732

http://www-01.ibm.com/support/docview.wss?uid=swg21673282

http://www-01.ibm.com/support/docview.wss?uid=swg21672192

https://www-304.ibm.com/support/docview.wss?uid=swg21673259

http://www-01.ibm.com/support/docview.wss?uid=swg21673696

http://www-01.ibm.com/support/docview.wss?uid=swg21673245

https://www-304.ibm.com/support/docview.wss?uid=swg21673689

http://www-01.ibm.com/support/docview.wss?uid=swg21673600

http://www-01.ibm.com/support/docview.wss?uid=swg21672869

http://www-01.ibm.com/support/docview.wss?uid=swg21673717

https://www-304.ibm.com/support/docview.wss?uid=swg21673666

https://www-304.ibm.com/support/docview.wss?uid=swg21673008

http://www-01.ibm.com/support/docview.wss?uid=swg21672724

http://www-01.ibm.com/support/docview.wss?uid=swg21673040

Plugin Details

Severity: High

ID: 74288

File Name: ibm_gskit_8_0_50_20_linux.nasl

Version: 1.4

Type: local

Family: General

Published: 2014/06/03

Updated: 2018/07/12

Dependencies: 74286

Configuration: Enable paranoid mode

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:global_security_kit

Required KB Items: installed_sw/IBM GSKit, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/05/01

Vulnerability Publication Date: 2014/02/24

Reference Information

CVE: CVE-2014-0076, CVE-2014-0963

BID: 66363, 67238