Security Bulletin: Vulnerability in GSKit affects IBM Tivoli Directory Server and IBM Security Directory Server for AIX/VIOS (CVE-2016-0201)

Summary

A vulnerability has been addressed in the GSKit component of IBM Security Directory Server

Vulnerability Details

CVEID: CVE-2016-0201_
_**
DESCRIPTION:** IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit this vulnerability to obtain authentication credentials.

CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109310 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

AIX 5.3, 6.1, 7.1, 7.2

VIOS 2.2.x

Remediation/Fixes

The GSKit package contains a fix and needs to be installed on AIX/VIOS systems.
**
The fixes for the GSKit components can be downloaded at the following link:**
<http://www-01.ibm.com/support/docview.wss?uid=swg21975404&gt;

Workarounds and Mitigations

None.