IBM Security Bulletin: Vulnerabilities in GSKit affect IBM Tivoli Directory Server and IBM Security Directory Server for AIX Security Bulletin

Dec 15, 2018 9:00 am EST

Categorized: High Severity

Share this post:

There are multiple vulnerabilities in GSKit that affect IBM Tivoli Directory Server and IBM Security Directory Server for AIX.

CVE(s): CVE-2018-1388, CVE-2018-1427, CVE-2018-1426, CVE-2016-0702, CVE-2018-1447

Affected product(s) and affected version(s):

AIX 5.3, 6.1, 7.1, 7.2
VIOS 2.2.x

The following fileset levels (VRMF) are vulnerable, if the respective IBM Tivoli Directory Server (ITDS) or IBM Security Directory Server (ISDS) version is installed:
For ITDS 6.2.0: Less than 6.2.0.56
For ITDS 6.3.0: Less than 6.3.0.49
For ISDS 6.3.0: Less than 6.3.1.24
For ISDS 6.3.0: Less than 6.4.0.16

Note: To find out whether the affected ITDS or ISDS filesets are installed on your systems, refer to the lslpp command found in AIX user’s guide.

Example: lslpp -L | grep -i itds

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ibm10788069
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/138212
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139072
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139071
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111144
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139972

from IBM Product Security Incident Response Team https://ift.tt/2CgBiG9