IBM Security Bulletin: IBM Personal Communications with IBM GSKit - Malformed ECParameters causes infinite loop (CVE-2015-1788)
|
Información sobre el sistema
|
|
|
Software afectado |
IBM |
Descripción
|
GSKit is an IBM component that is used by IBM Personal Communications. The GSKit that is shipped with IBM Personal Communications does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication. CVE(s): CVE-2015-1788 Affected
More info:
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_personal_communications_with_ibm_gskit_malformed_ecparameters_causes_infinite_loop_cve_2015_1788?lang=en_us |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2015-1788 ,CVE-2015-1789 ,CVE-2015-1790 ,CVE-2015-1792 ,CVE-2015-1791 ,CVE-2014-8176 ,CVE-2015-4000 ,CVE-2015-0488 ,CVE-2015-2613 ,CVE-2015-2601 ,CVE-2015-2625 ,CVE-2015-1931 ,CVE-2015-0478 ,CVE-2015-1916 and CVE-2015-0204. |