Security Bulletin: IBM Informix Cryptographic Library Updates (CVE-2012-2190, CVE-2012-2191, CVE-2012-2203)

Abstract Multiple security problems exist in the IBM GSKit libraries that IBM Informix and IBM Informix ClientSDK use to provide communications security and other cryptographic functionality. Content CVE ID: CVE-2012-2190 DESCRIPTION: GSKit allows remote attackers to cause a denial of service...

Security Bulletin: IBM Tivoli Composite Application Manager for Transactions affected by multiple vulnerabilities in GSKit (CVE-2012-2203, CVE-2012-2191, CVE-2012-2190)

Abstract Vulnerabilities in IBM Global Security Kit GSKit, shipped as part of IBM Tivoli Composite Application Manager for Transactions ITCAM for Transactions. Content VULNERABILITY DETAILS: Security vulnerabilities have been discovered in the GSKit libraries. ITCAM for Transactions uses the GSKi...

IBM Rational ClearQuest 7.1.x < 7.1.2.8 / 8.0.0.x < 8.0.0.4 GSKit Spoofing (credentialed check)

The remote host has a version of IBM Rational ClearQuest 7.1.x prior to 7.1.2.8 / 8.0.0.x prior to 8.0.0.4 installed. It is, therefore, affected by a spoofing vulnerability related to the included Global Security Kit GSKit and certificate objects. The GSKit does not enforce file integrity of the...

Format string

IBM Global Security Kit aka GSKit before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS 12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via...