CVSS2: 7.1 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
A certificate chain presented by a Client or Server could contain a circular reference that will cause the chain building logic to loop, crash or hang.
CVE ID: CVE-2013-6747
DESCRIPTION:
A certificate chain presented by a Client or Server could contain a circular reference that will cause the chain building logic to loop, which can lead to a segmentation fault (SEGV) crash or to a hang due to memory exhaustion.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/89863> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
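The circular-reference condition described above, as an added example (not IBM's or GSKit's code): a simplified chain builder that rejects a looping chain instead of following it. It assumes certificates can be modelled as subject/issuer name pairs (real builders also match key identifiers and verify signatures); `Cert`, `build_chain`, `verdict` and the depth limit are hypothetical names and values.

```python
from typing import NamedTuple

MAX_DEPTH = 8  # assumed limit for this example, not a GSKit setting

class Cert(NamedTuple):
    subject: str
    issuer: str

class ChainError(Exception):
    pass

def build_chain(leaf, presented, anchors, max_depth=MAX_DEPTH):
    """Follow issuer links from leaf to a trust anchor; refuse loops."""
    pool = {c.subject: c for c in presented}   # peer-supplied, untrusted
    chain, seen, current = [leaf], {leaf.subject}, leaf
    while True:
        if current.issuer in anchors:          # reached a locally trusted CA
            return chain + [anchors[current.issuer]]
        parent = pool.get(current.issuer)
        if parent is None:
            raise ChainError(f"no issuer for {current.subject}")
        if parent.subject in seen:             # issuer already in the path
            raise ChainError(f"circular reference at {parent.subject}")
        if len(chain) >= max_depth:            # bound work even without a loop
            raise ChainError("chain too long")
        seen.add(parent.subject)
        chain.append(parent)
        current = parent

def verdict(leaf, presented, anchors):
    """Return 'ok' or the rejection reason for a presented chain."""
    try:
        build_chain(leaf, presented, anchors)
        return "ok"
    except ChainError as exc:
        return str(exc)

# Constructed sample data (not real certificates).
ANCHORS = {"Root CA": Cert("Root CA", "Root CA")}
VALID = [Cert("Intermediate", "Root CA")]
LOOPED = [Cert("CA-A", "CA-B"), Cert("CA-B", "CA-A")]  # A <- B <- A

if __name__ == "__main__":
    print(verdict(Cert("client", "Intermediate"), VALID, ANCHORS))
    print(verdict(Cert("client", "CA-A"), LOOPED, ANCHORS))
```

The `seen` set stops a cycle on the first repeated issuer, and the depth bound caps the work done on a long chain that never repeats.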
IBM Tivoli Storage Manager server release levels:
· 7.1.0 (all servers and storage agents)
· 6.3.0 through 6.3.4.30 (all servers)
· 6.3.3 through 6.3.4.30 (all storage agents)
· 6.2.0 through 6.2.6.0 (all servers)
· 6.1.0 through 6.1.5.xxx (AIX and Windows servers only)
· 5.5.0 through 5.5.7.xxx (AIX and Windows servers only)
The recommended solution is to apply the fixes as soon as practical. Please see below for information on the fixes available and the links where the fixes can be downloaded.
Product | APAR | Remediation/First Fix |
---|---|---|
IBM Tivoli Storage Manager Server 7.1 | IT02298 | Please call IBM service, referencing APAR IT02298. IBM Service will provide GSKIT installation files and install instructions to install GSKIT 8.0.14.43 (or higher). A fix will also be provided as part of level 7.1.1. |
IBM Tivoli Storage Manager Server 6.3 | IT02298 | Please call IBM service, referencing APAR IT02298. IBM Service will provide GSKIT installation files and install instructions to install GSKIT 8.0.14.43 (or higher). A fix will also be provided as part of level 6.3.5. |
IBM Tivoli Storage Manager Server 6.2 | IT02298 | Please call IBM service, referencing APAR IT02298. IBM Service will provide GSKIT installation files and install instructions to install GSKIT 7.0.4.50 (or higher). A fix will also be provided as part of level 6.2.7. |
IBM Tivoli Storage Manager Server 6.1 and 5.5, on AIX and Windows only | | Please note that IBM has previously announced End of Support for these versions, effective April 30, 2014. IBM recommends using the Workaround specified below, or upgrading to a fixed, supported release. |
Remove the ability for users to use SSL sessions by changing the server and/or storage agent option files to remove the SSL communication options.