IBM Director Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1018985
|
|
SecurityTracker URL: http://securitytracker.com/id?1018985
|
|
CVE Reference: CVE-2007-5612
(Links to External Site)
|
Date: Nov 21 2007
|
Impact: Denial of service via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 5.20.1 and prior versions
|
Description: A vulnerability was reported in IBM Director. A remote user can cause denial of service conditions.
A remote user can initiate a number of connections to the target service to consume all available connections and prevent management connections.
US-CERT notes that Juniper reported this vulnerability.
|
Impact: A remote user can prevent management connections.
|
Solution: The vendor has issued a fix (APAR IC54405; 5.20.1 Service Update a or b).
The update is available at:
https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?sourc
e=dmp
[Editor's note: No reference to a Linux patch was available on the vendor's web site at the time of this entry.]
|
Vendor URL: www.ibm.com/ (Links to External Site)
|
Cause: Resource error, State error
|
Underlying OS: Linux (Red Hat Enterprise), Linux (SuSE), Windows (2000), Windows (2003), Windows (XP)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 20 Nov 2007 23:37:39 -0500
Subject: IBM Director Systems
|
CVE-2007-5612
|
|
