
IBM Sterling Connect:Direct for UNIX is affected by a security vulnerability in OpenSSL

 

Systems Affected


IBM Sterling Connect:Direct for UNIX 4.0.00 and 4.1.0

Threat Level



Low


Overview


A security vulnerability has been discovered in the OpenSSL libraries included in IBM Sterling Connect:Direct for UNIX, and it makes the product itself vulnerable.


Description


IBM Sterling Connect:Direct for UNIX uses OpenSSL libraries for cryptography and is affected by a vulnerability discovered in those libraries. The SSL 3.0 implementation in the OpenSSL version used by Sterling Connect:Direct for UNIX does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/72130 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)
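
The padding flaw described above, shown as an added example that is not code from OpenSSL or IBM: a simplified model of SSL 3.0 block padding in which the padding bytes either keep whatever the buffer held before or are cleared first. The function names, the 16-byte block size and the sample buffer contents are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BLOCK 16 /* cipher block size in bytes (assumed for this example) */

/* Simplified model of SSL 3.0 block padding: the last byte carries the number
 * of padding bytes before it; the protocol leaves those bytes' values
 * unspecified. Returns the padded length, or 0 if it does not fit in cap. */
static size_t ssl3_pad(unsigned char *rec, size_t len, size_t cap, int clear)
{
    size_t pad = BLOCK - (len % BLOCK); /* 1..BLOCK, length byte included */
    if (len + pad > cap)
        return 0;
    if (clear)
        memset(rec + len, 0, pad - 1);  /* hardened: overwrite stale memory */
    rec[len + pad - 1] = (unsigned char)(pad - 1);
    return len + pad;
}

/* Builds a 5-byte record in a buffer that previously held other data and
 * counts the padding bytes that still carry that old data. */
size_t leaked_padding_bytes(int clear)
{
    static const char stale[] = "CONSTRUCTED-SECRET-FROM-OLD-USE"; /* sample */
    static const char msg[] = "hello";
    unsigned char buf[sizeof stale];
    size_t len = sizeof msg - 1, total, i, leaked = 0;

    memcpy(buf, stale, sizeof stale);   /* earlier use of the buffer */
    memcpy(buf, msg, len);              /* new, shorter plaintext */
    total = ssl3_pad(buf, len, sizeof buf, clear);
    for (i = len; i + 1 < total; i++)   /* padding, excluding length byte */
        if (buf[i] == (unsigned char)stale[i])
            leaked++;
    return leaked;
}

int main(void)
{
    printf("uninitialized padding: %zu stale bytes sent\n", leaked_padding_bytes(0));
    printf("cleared padding:       %zu stale bytes sent\n", leaked_padding_bytes(1));
    return 0;
}
```

With the padding left uninitialized, every padding byte of the record is leftover memory that the peer can read after decryption; clearing it before encryption removes the disclosure.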


Impact



Solution/Workarounds


  • Version 4.1.0: apply the workaround until 4.2.0 is available (target timeframe Q2 2014)


References


AUS-CERT http://www-01.ibm.com/support/docview.wss?uid=swg21651176


Disclaimer


The information provided herein is on an "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.