SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Directory)  >   IBM Tivoli Directory Server Vendors:   IBM
IBM Tivoli Directory Server Unspecified SLAPD Binding Error May Let Remote Users Modify/Delete Data
SecurityTracker Alert ID:  1015171
SecurityTracker URL:  http://securitytracker.com/id/1015171
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 9 2005
Impact:   Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.2.0 and 6.0.0
Description:   A vulnerability was reported in IBM Tivoli Directory Server. A remote user may be able to modify or delete directory data on the target system.

An unspecified vulnerability exists in the server's slapd daemon. A user can gain unauthorized access to the directory server to modify or delete directory data.

The vendor discovered this vulnerability.

[Editor's note: It is not clear whether the remote user must be authenticated or not.]

Impact:   A remote user may be able to modify or delete directory data.
Solution:   The vendor has issued a fix.

For Version 5.2.0: APAR IO02697

5.2.0.3-TIV-ITDS-IF0001 or earlier (This will update ITDS to fixpack 3):

http://www-1.ibm.com/support/docview.wss?uid=swg24010820

5.2.0.3-TIV-ITDS-IF0007

http://www-1.ibm.com/support/docview.wss?uid=swg24010821

5.2.0.3-TIV-ITDS-LA0011 (Contact the IBM Tivoli Support organization)

For Version 6.0.0: APAR IO02714

6.0.0.1-TIV-ITDS-IF0001

http://www-1.ibm.com/support/docview.wss?uid=swg24010819

The vendor's advisory is available at:

http://www-1.ibm.com/support/docview.wss?uid=swg21221665

The vendor indicates that the system may not be vulnerable if the directory server is set to use SSL only with SSL Client Server authentication but still strongly recommends that all customers apply the appropriate update.

Vendor URL:  www-1.ibm.com/support/docview.wss?uid=swg21221665 (Links to External Site)
Cause:   Access control error, Authentication error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (2000)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC