首页 -> 安全研究
安全研究
安全漏洞
IBM GSKit SSL握手未明拒绝服务漏洞
发布日期:2004-06-07
更新日期:2004-06-17
受影响系统:
IBM HTTP Server 2.0.47描述:
IBM HTTP Server 2.0.42.2
IBM HTTP Server 1.3.28
IBM HTTP Server 1.3.26.2
IBM HTTP Server 1.3.26.1
IBM HTTP Server 1.3.26
IBM HTTP Server 1.3.19.5
IBM HTTP Server 1.3.19.4
IBM HTTP Server 1.3.19.3
IBM HTTP Server 1.3.19.2
IBM HTTP Server 1.3.19.1
IBM HTTP Server 1.3.12.4
IBM HTTP Server 1.3.12.3
IBM HTTP Server 1.3.12.2
IBM Websphere MQ 5.3.0.5
IBM Websphere MQ 5.3.0.1
IBM Websphere MQ 5.3
IBM Tivoli Access Manager for e-business 5.1
IBM Tivoli Access Manager for e-business 4.1
IBM Tivoli Access Manager for e-business 3.9
IBM Directory Server 5.1
IBM Directory Server 4.1
IBM HTTP Server 1.3.19
- HP HP-UX 11.0
- IBM AIX 4.3.3
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- RedHat Linux 7.1
- Sun Solaris 7.0
- Sun Solaris 2.6
- SuSE Linux 7.1
BUGTRAQ ID: 10475
IBM Global Security Toolkit是一款针对多种IBM产品的安全管理工具。
IBM GSKit工具在SSL握手期间不正确处理畸形数据包,远程攻击者可以利用这个漏洞可导致GSKIT组件失败,继而导致应用程序崩溃。
问题牵涉到'CERT Advisory CA-2003-26'相关的漏洞,目前没有详细漏洞细节提供。
<*来源:IBM
链接:http://www-1.ibm.com/support/docview.wss?uid=swg21169222
*>
建议:
厂商补丁:
IBM
---
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Access Manager for e-business 3.9补丁在2004-07-01推出。
Access Manager for e-business 4.1,可联系IBM2级供应商获得补丁,详细信息如下:
http://www.ibm.com/support/docview.wss?uid=swg24006785
Access Manager for e-business 5.1 可联系IBM2级供应商获得补丁,详细信息如下:
http://www.ibm.com/support/docview.wss?uid=swg24006925
http://www.ibm.com/support/docview.wss?uid=swg24006926
Access Manager for Business Integration 5.1 可联系IBM2级供应商获得补丁,详细信息如下:
http://www.ibm.com/support/docview.wss?uid=swg21168453
IBM Tivoli Directory Server 4.1 :
http://www14.software.ibm.com/webapp/download/search.jsp?rs=ldap&go=y (Select appropriate platform, and download Fixpack 1)
IBM Tivoli Directory Server 5.1:http://www14.software.ibm.com/webapp/download/search.jsp?rs=ldap&go=y (Select appropriate platform, and download GSKIT)
IBM HTTP Server 1.3.12.x:
http://www.ibm.com/support/docview.wss?uid=swg21165486
IBM HTTP Server 1.3.19.x:
http://www.ibm.com/support/docview.wss?uid=swg21165486
IBM HTTP Server 1.3.26.x on platforms other than Linux for PowerPC
http://www.ibm.com/support/docview.wss?uid=swg21165486
IBM HTTP Server 1.3.26.x on Linux for PowerPC
http://www.ibm.com/support/docview.wss?uid=swg21165486
IBM HTTP Server 1.3.28.x
http://www.ibm.com/support/docview.wss?uid=swg21165486
IBM HTTP Server 2.0.42.x on platforms other than Linux for PowerPC
http://www.ibm.com/support/docview.wss?uid=swg21165486
IBM HTTP Server 2.0.42.x on Linux for PowerPC
http://www.ibm.com/support/docview.wss?uid=swg21165486
IBM HTTP Server 2.0.47.x
http://www.ibm.com/support/docview.wss?uid=swg21165486
Websphere MQ for AIX, V5.3
http://www.ibm.com/support/docview.wss?uid=swg24006435
Websphere MQ for HP-UX, V5.3
http://www.ibm.com/support/docview.wss?uid=swg24006435
Websphere MQ for Sun Solaris, V5.3
http://www.ibm.com/support/docview.wss?uid=swg24006435
Websphere MQ for Linux for Intel, V5.3
http://www.ibm.com/support/docview.wss?uid=swg24006435
Websphere MQ for Linux for zSeries, V5.3
http://www.ibm.com/support/docview.wss?uid=swg24006435
浏览次数:3949
严重程度:0(网友投票)
绿盟科技给您安全的保障