7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.068 Low
EPSS
Percentile
92.9%
IBM Security Directory Server, formerly known as IBM Tivoli Directory Server, is affected by a problem that is related to the Secure Sockets Layer (SSL) implementation. Some conditions can cause the processor utilization to rapidly increase, resulting in a denial of service.
CVE ID: CVE-2014-0963
CVSS and DESCRIPTION: Please refer to the following link:
IBM Security Directory Server CPU utilization (CVE-2014-0963)
AIX 5.3, 6.1 and 7.1.
VIOS 2.2.x
The GSKit package contains a fix and needs to be installed on AIX/VIOS systems.
If your GSKit is older than the corresponding levels that are in the following list, update your GSKit to the specified version, or later. To determine which version of the GSKit component is installed, enter the following command:
lslpp -l | grep -i gsk
The fixes for the GSKit components can be downloaded at the following links:
GSKit V7.0.4.50
GSKit V8.0.14.43
GSKit V8.0.50.20
When you are using GSKitV8, your IBM Security Directory Server or IBM Tivoli Directory Server must be at version 6.3.0.26 or higher. This version avoids a compatibility issue between the IBM Security Directory Server component and the new GSKitV8 fix packs. Refer to the above mentioned link under “CVSS and DESCRIPTIONS”. To determine the installed version of the IBM Security Directory Server, enter the following command:
lslpp -l | grep idsldap