IBM Security Directory Server < 18.104.22.168 / 22.214.171.124 / 126.96.36.199 / 188.8.131.52 with GSKit < 184.108.40.206 / 220.127.116.11 SSL CPU Utilization DoS
High Nessus Plugin ID 80482
SynopsisThe version of IBM Security Directory Server and GSKit is affected by a denial of service vulnerability.
DescriptionThe remote host is running a version of IBM Security Directory Server (formerly IBM Tivoli Directory Server) and a version of IBM Global Security Kit (GSKit) that is affected by a denial of service vulnerability due to a flaw in the GSKit library. An attacker can exploit this issue via a specially-crafted SSL to use excessive CPU resources resulting in the host to become unresponsive.
SolutionInstall the appropriate fix based on the vendor's advisory :
Alternatively, upgrade GSKit to 18.104.22.168 or 22.214.171.124.