Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2012-2203
Last Modified 17 Aug 2013 02:44:29
Published 08 Aug 2012 06:26:18
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-2203

Summary

IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate.

Vulnerable Systems

Application

  • IBM Global Security Kit 7.0.4.28

  • IBM Global Security Kit 7.0.4.29

  • IBM Global Security Kit 8.0.13

  • IBM Rational Directory Server

  • IBM Tivoli Directory Server


References

XF - rds-gskit-pkcs-spoofing(77280)

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21606145

BID - 54743

AIXAPAR - IV31975

AIXAPAR - IV31973

SECUNIA - 51279


Last Updated: 27 May 2016 10:53:35