Flash (Alert)

Abstract

A potential denial-of-service vulnerability can be triggered by certain malformed Secure Sockets Layer (SSL) records that cause the IBM® Global Security Toolkit (GSKit) component to fail, thereby causing the application to terminate.

Content

IBM is reporting an issue with the IBM GSKit for SSL runtime, which is a component of multiple IBM products. This issue can cause an IBM product using this component to fail under certain conditions or experience performance degradation. This issue is not related to the reported CERT Advisory CA-2003-26, which involved malforming (purposely altering the steps and network data) the SSL handshake; rather, internal test teams were able to diagnose a different issue in the SSL handshake. In the case of this issue, when subjected to a very specific malformed transmission, the IBM product will either have serious performance degradation or will terminate. The termination of the application does not introduce any further security concerns such as being able to access a remote system.

Link to the correction

Cross Reference information

| Segment | Product | Component | Platform | Version | Edition |
| --- | --- | --- | --- | --- | --- |
| Security | IBM Tivoli Access Manager for Business Integration | Not Applicable | All Platforms | 5.1 | All Editions |
| Security | IBM Directory Server | Not Applicable | All Platforms | 4.1, 5.1 | All Editions |

Product categories: Software, Security, Access, IBM Tivoli Access Manager for e-business, Base

Operating system(s): All Platforms

Software version: 3.9, 4.1, 5.1

Software edition: All Editions

Reference #: 1170854

IBM Group: Software Group

Modified date: 2004-06-03