IBM Global Security Kit 7 < / 8.0.14.x < / 8.0.50.x < Multiple Vulnerabilities (Linux)

High Nessus Plugin ID 74288


The remote Linux host has a library installed that is affected by multiple vulnerabilities.


The remote Linux host has a version of IBM Global Security Kit prior to / / It is, therefore, affected by the following vulnerabilities :

- An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076)

- A denial of service vulnerability exists which an attacker can exploit by sending a specially crafted SSL request to cause the host to become unresponsive.


Apply GSKit / / or later or apply the appropriate patch referenced in the advisory.

See Also

Plugin Details

Severity: High

ID: 74288

File Name: ibm_gskit_8_0_50_20_linux.nasl

Version: 1.4

Type: local

Family: General

Published: 2014/06/03

Updated: 2018/07/12

Dependencies: 74286

Configuration: Enable paranoid mode

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:global_security_kit

Required KB Items: installed_sw/IBM GSKit, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/05/01

Vulnerability Publication Date: 2014/02/24

Reference Information

CVE: CVE-2014-0076, CVE-2014-0963

BID: 66363, 67238