Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMF8A43C861DBB3112ABE3D5C29DF8E2334A095F3FCD58059DA6FE567EFA2A0705
HistoryJun 16, 2018 - 9:38 p.m.

Security Bulletin: Vulnerabilities in GSKit 8 affect Tivoli Directory Server and IBM Security Directory Server (CVE-2015-7421, CVE-2015-7420)

2018-06-1621:38:14
www.ibm.com
18

EPSS

0.003

Percentile

69.4%

JSON

Summary

Vulnerabilities were discovered in GSKit 8. Tivoli Directory Server and IBM Security Directory Server use GSKit 8 and have addressed the applicable CVE’s. GSKit 7 is not affected.

Vulnerability Details

CVEID: CVE-2015-7421 DESCRIPTION: A vulnerability in GSKit could allow a remote attacker to obtain sensitive information. The internal ICC PRNG pool state is duplicated during a fork() system call operation which results in a period of time where child processes may generate identical PRNG output to the parent. This may allow possible attacks related to predicable state which an attacker could exploit.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107695&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2015-7420 DESCRIPTION: A vulnerability in GSKit could allow a remote attacker to obtain sensitive information. The GSKit PRNG state is duplicated during a fork() system call operation which results in a period of time where child processes may generate identical PRNG output to the parent.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107694&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Tivoli Directory Server 6.3 using GSKit 8.0.50.53 or earlier.
IBM Security Directory Server 6.3.1 using GSKit 8.0.50.53 or earlier.
IBM Security Directory Server 6.4 using GSKit 8.0.50.53 or earlier.
(GSKit 7 is not affected.)

Remediation/Fixes

Product

| GSKit|Fix
—|—|—
Tivoli Directory Server 6.3| 8.0.50.55| 6.3.0.40-ISS-ITDS-IF0040
IBM Security Directory Server 6.3.1| 8.0.50.55| 6.3.1.14-ISS-ISDS-IF0014
IBM Security Directory Server 6.4| 8.0.50.55| 6.4.0.5-ISS-ISDS-IF0005

Workarounds and Mitigations

None

Related

ibm 24
cvelist 2
prion 2
cve 2
nvd 2
nessus 1
ibm
ibm
Security Bulletin: Vulnerabilities in GSKit affect IBM MQ Appliance (CVE-2015-7421, CVE-2015-7420)
2018-06-15 07:04:15
Security Bulletin: Vulnerabilities in GSKit affect IBM Security Access Manager for Mobile (CVE-2015-7421, CVE-2015-7420)
2018-06-16 21:39:02
Security Bulletin: Vulnerabilities in GSKit affect IBM WebSphere MQ (CVE-2015-7421, CVE-2015-7420)
2018-06-15 07:05:41
cvelist
cvelist
CVE-2015-7421
2016-01-01 02:00:00
CVE-2015-7420
2016-01-01 02:00:00
prion
prion
Design/Logic Flaw
2016-01-01 05:59:00
Design/Logic Flaw
2016-01-01 05:59:00
cve
cve
CVE-2015-7421
2016-01-01 05:59:06
CVE-2015-7420
2016-01-01 05:59:05
nvd
nvd
CVE-2015-7421
2016-01-01 05:59:06
CVE-2015-7420
2016-01-01 05:59:05
nessus
nessus
IBM HTTP Server 8.5.0.0 <= 8.5.5.8 / 8.0.0.0 <= 8.0.0.12 Multiple Vulnerabilities (538705)
2020-12-11 00:00:00

EPSS

0.003

Percentile

69.4%

JSON
Related for F8A43C861DBB3112ABE3D5C29DF8E2334A095F3FCD58059DA6FE567EFA2A0705
ibm24cvelist2prion2cve2nvd2nessus1