Denial of Service Vulnerability in IBM GSKit Used in Directory Servers
CVE-2013-6747

Currently unrated

Key Information:

Vendor: IBM
Status: Global Security Kit
Vendor: CVE Published:; 27 January 2014

Summary

A vulnerability exists in IBM GSKit versions 7.x prior to 7.0.4.48 and 8.x prior to 8.0.50.16, impacting IBM Security Directory Server and Tivoli Directory Server. This flaw can be exploited by remote attackers to generate a denial of service condition, potentially causing the affected application to crash or hang. The attack vector involves the use of a malformed X.509 certificate chain, which compromises the integrity and availability of the services dependent on this security library.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/89863

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21676092

x_refsource_CONFIRM

http://secunia.com/advisories/56698

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jan 27, 2014
Vulnerability Reserved
Nov 8, 2013