PT-2018-12383 · Ibm · Ibm Db2+2

Published: 2018-03-22 · Updated: 2019-10-09 · CVE-2018-1427

CVSS v3.1: 6.2 (Medium)

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: IBM GSKit (shipped with IBM DB2 for Linux, UNIX and Windows) versions 9.7 through 11.1

Description: Two issues are covered. The first is a local denial of service caused by overflows triggered through environment variables. The second is a weakness in the GSKit CMS KDB logic, which fails to properly salt the hash function used for stored passwords; the resulting hashes protect passwords less well than intended, so a weak password may be recovered.

Recommendations: For versions 9.7 through 11.1, update to a version that addresses these issues and change passwords so that they are stored in the more secure form. As a temporary workaround, consider restricting access to sensitive areas until the update can be applied.

Tags: Fix · DoS · Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2018-1427

Affected Products

Ibm Aix
Ibm Db2
Ibm Gskit