IBM Tivoli Directory Server Unspecified SLAPD Binding Error May Let Remote Users Modify/Delete Data - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Directory) > IBM Tivoli Directory Server

IBM Tivoli Directory Server Unspecified SLAPD Binding Error May Let Remote Users Modify/Delete Data

SecurityTracker Alert ID: 1015171

SecurityTracker URL: http://securitytracker.com/id/1015171

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Nov 9 2005

Impact: Modification of user information

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 5.2.0 and 6.0.0

Description: A vulnerability was reported in IBM Tivoli Directory Server. A remote user may be able to modify or delete directory data on the target system.

An unspecified vulnerability exists in the server's slapd daemon. A user can gain unauthorized access to the directory server to modify or delete directory data.

The vendor discovered this vulnerability.

[Editor's note: It is not clear whether the remote user must be authenticated or not.]

Impact: A remote user may be able to modify or delete directory data.

Solution: The vendor has issued a fix.

For Version 5.2.0: APAR IO02697

5.2.0.3-TIV-ITDS-IF0001 or earlier (This will update ITDS to fixpack 3):

http://www-1.ibm.com/support/docview.wss?uid=swg24010820

5.2.0.3-TIV-ITDS-IF0007

http://www-1.ibm.com/support/docview.wss?uid=swg24010821

5.2.0.3-TIV-ITDS-LA0011 (Contact the IBM Tivoli Support organization)

For Version 6.0.0: APAR IO02714

6.0.0.1-TIV-ITDS-IF0001

http://www-1.ibm.com/support/docview.wss?uid=swg24010819

The vendor's advisory is available at:

http://www-1.ibm.com/support/docview.wss?uid=swg21221665

The vendor indicates that the system may not be vulnerable if the directory server is set to use SSL only with SSL Client Server authentication but still strongly recommends that all customers apply the appropriate update.

Vendor URL: www-1.ibm.com/support/docview.wss?uid=swg21221665 (Links to External Site)

Cause: Access control error, Authentication error

Underlying OS: Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (2000)

Message History: None.

Source Message Contents

Date: Wed, 9 Nov 2005 01:35:40 -0500
Subject: Potential Security Vulnerability For IBM Tivoli Directory Server


http://www-1.ibm.com/support/docview.wss?uid=swg21221665

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC