IBM Support

IV31981: SYSROUTE OF IV31971:GSKIT SSL/TLS RECORD LENGTH VULNERABILITY IN TIVOLI ACCESS MANAGER FOR E-BUSINESS (CVE-2012-2191)


APAR status

  • Closed as program error.

Error description

  • A vulnerability has been identified in the GSKIT component
    utilized by Tivoli Access Manager for e-business (TAM).  A
    specifically crafted malformed SSL/TLS data packet can cause the
    TAM server component using GSKIT to segmentation fault.
    Remediation for this issue is available by upgrading affected
    GSKIT 7 versions to version 7.0.4.42 or higher.
    

Local fix

Problem summary

  • A vulnerability has been identified in the GSKIT component
    utilized by Tivoli Access Manager for e-business (TAM).  A
    specifically crafted malformed SSL/TLS data packet can cause the
    TAM server component using GSKIT to segmentation fault.
    Remediation for the issue is available by upgrading affected
    GSKIT 7 versions to GSKIT 7.0.4.42 or higher.
    

Problem conclusion

  • The fix for this APAR is expected to be contained in the
    following maintenance delivery vehicle:
    | fix pack | 6.0.0-ISS-TAM-FP0030
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV31981

  • Reported component name

    ACCESS MGR E-BU

  • Reported component ID

    5724C0800

  • Reported release

    600

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-11-14

  • Closed date

    2012-11-15

  • Last modified date

    2012-11-15

  • APAR is sysrouted FROM one or more of the following:

    IV31971

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    ACCESS MGR E-BU

  • Fixed component ID

    5724C0800

Applicable component levels

  • R600 PSN

       UP


Document Information

Modified date:
15 November 2012