Sweet32 exposes a problem in the Triple DES algothorim for sessions that receive more than 2 GBytes of data on an encrypted session. Once beyond that amount of data, the algorithm allows for a intrusion that can be more easily decrypted.
CVE(s): CVE-2016-2183
Affected product(s) and affected version(s):
This problem affects the following distributed Communications Server products:
5725H32 – Communications Server for Data Center Deployment, V7.0
5765E51 – Communications Server for AIX, V6.4
5724I33 – Communications Server for Linux, V6.4
5724I34 – Communications Server for Linux on System z, V6.4
5639F25 – Communications Server for Windows, V6.4, V6.1.3
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2gIVyC5
X-Force Database: http://ift.tt/2dR3VyC
from IBM Product Security Incident Response Team http://ift.tt/2hOGV5j
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.