IBM Support

IT14164: A HASH SELECTOR VULNERABILITY IN IBM GSKIT AFFECTS IBM DATAPOWER GATEWAYS.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • IBM GSKit could allow a remote attacker to obtain sensitive
    information, caused by an MD5 collision. An attacker could
    exploit this vulnerability to obtain authentication credentials.
    

Local fix

Problem summary

  • Updated GSKit to solve PSIRT Hash Selection vulnerability
    

Problem conclusion

  • The fix is available in 6.0.0.19, 6.0.1.15, 7.0.0.12, 7.1.0.9,
    7.2.0.4 and 7.5.0.0
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT14164

  • Reported component name

    DATAPOWER

  • Reported component ID

    DP1234567

  • Reported release

    720

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-03-07

  • Closed date

    2016-03-07

  • Last modified date

    2016-03-08

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Modules/Macros

  • 0
    

Fix information

  • Fixed component name

    DATAPOWER

  • Fixed component ID

    DP1234567

Applicable component levels

  • R720 PSY

       UP

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSCXUFY","label":"General"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.2","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
08 March 2016