Vigil@nce - IBM GSKit : denial of service via SSL/TLS
février 2014 par Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send malicious SSL/TLS messages to applications
using IBM GSKit, in order to trigger a denial of service.
Impacted products : Security Directory Server, Tivoli Directory
Server
Severity : 2/4
Creation date : 30/01/2014
DESCRIPTION OF THE VULNERABILITY
The IBM Global Security Kit (GSKit) suite implements the support
of SSL/TLS for several IBM applications.
However, a malformed certificate chain triggers an error.
Technical details are unknown.
An attacker can therefore send malicious SSL/TLS messages to
applications using IBM GSKit, in order to trigger a denial of
service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/IBM-GSKit-denial-of-service-via-SSL-TLS-14158