安全研究

安全漏洞
IBM GSKit SSL握手未明拒绝服务漏洞

发布日期:2004-06-07
更新日期:2004-06-17

受影响系统:
IBM HTTP Server 2.0.47
IBM HTTP Server 2.0.42.2
IBM HTTP Server 1.3.28
IBM HTTP Server 1.3.26.2
IBM HTTP Server 1.3.26.1
IBM HTTP Server 1.3.26
IBM HTTP Server 1.3.19.5
IBM HTTP Server 1.3.19.4
IBM HTTP Server 1.3.19.3
IBM HTTP Server 1.3.19.2
IBM HTTP Server 1.3.19.1
IBM HTTP Server 1.3.12.4
IBM HTTP Server 1.3.12.3
IBM HTTP Server 1.3.12.2
IBM Websphere MQ 5.3.0.5
IBM Websphere MQ 5.3.0.1
IBM Websphere MQ 5.3
IBM Tivoli Access Manager for e-business 5.1
IBM Tivoli Access Manager for e-business 4.1
IBM Tivoli Access Manager for e-business 3.9
IBM Directory Server 5.1
IBM Directory Server 4.1
IBM HTTP Server 1.3.19
    - HP HP-UX 11.0
    - IBM AIX 4.3.3
    - Microsoft Windows NT 4.0 SP6a
    - Microsoft Windows NT 4.0 SP6
    - Microsoft Windows NT 4.0 SP5
    - RedHat Linux 7.1
    - Sun Solaris 7.0
    - Sun Solaris 2.6
    - SuSE Linux 7.1
描述:
BUGTRAQ  ID: 10475

IBM Global Security Toolkit是一款针对多种IBM产品的安全管理工具。

IBM GSKit工具在SSL握手期间不正确处理畸形数据包,远程攻击者可以利用这个漏洞可导致GSKIT组件失败,继而导致应用程序崩溃。

问题牵涉到'CERT Advisory CA-2003-26'相关的漏洞,目前没有详细漏洞细节提供。

<*来源:IBM
  
  链接:http://www-1.ibm.com/support/docview.wss?uid=swg21169222
*>

建议:
厂商补丁:

IBM
---
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

Access Manager for e-business 3.9补丁在2004-07-01推出。

Access Manager for e-business 4.1,可联系IBM2级供应商获得补丁,详细信息如下:

http://www.ibm.com/support/docview.wss?uid=swg24006785

Access Manager for e-business 5.1 可联系IBM2级供应商获得补丁,详细信息如下:

http://www.ibm.com/support/docview.wss?uid=swg24006925

http://www.ibm.com/support/docview.wss?uid=swg24006926

Access Manager for Business Integration 5.1 可联系IBM2级供应商获得补丁,详细信息如下:

http://www.ibm.com/support/docview.wss?uid=swg21168453

IBM Tivoli Directory Server 4.1 :

http://www14.software.ibm.com/webapp/download/search.jsp?rs=ldap&go=y (Select appropriate platform, and download Fixpack 1)

IBM Tivoli Directory Server 5.1:http://www14.software.ibm.com/webapp/download/search.jsp?rs=ldap&go=y (Select appropriate platform, and download GSKIT)

IBM HTTP Server 1.3.12.x:

http://www.ibm.com/support/docview.wss?uid=swg21165486

IBM HTTP Server 1.3.19.x:

http://www.ibm.com/support/docview.wss?uid=swg21165486

IBM HTTP Server 1.3.26.x on platforms other than Linux for PowerPC

http://www.ibm.com/support/docview.wss?uid=swg21165486

IBM HTTP Server 1.3.26.x on Linux for PowerPC

http://www.ibm.com/support/docview.wss?uid=swg21165486

IBM HTTP Server 1.3.28.x

http://www.ibm.com/support/docview.wss?uid=swg21165486

IBM HTTP Server 2.0.42.x on platforms other than Linux for PowerPC

http://www.ibm.com/support/docview.wss?uid=swg21165486

IBM HTTP Server 2.0.42.x on Linux for PowerPC

http://www.ibm.com/support/docview.wss?uid=swg21165486

IBM HTTP Server 2.0.47.x

http://www.ibm.com/support/docview.wss?uid=swg21165486

Websphere MQ for AIX, V5.3

http://www.ibm.com/support/docview.wss?uid=swg24006435

Websphere MQ for HP-UX, V5.3

http://www.ibm.com/support/docview.wss?uid=swg24006435


Websphere MQ for Sun Solaris, V5.3

http://www.ibm.com/support/docview.wss?uid=swg24006435


Websphere MQ for Linux for Intel, V5.3

http://www.ibm.com/support/docview.wss?uid=swg24006435


Websphere MQ for Linux for zSeries, V5.3

http://www.ibm.com/support/docview.wss?uid=swg24006435

浏览次数:4044
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障