Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Directory)  >   IBM Tivoli Directory Server Vendors:   IBM
IBM Tivoli Directory Server Unspecified SLAPD Binding Error May Let Remote Users Modify/Delete Data
SecurityTracker Alert ID:  1015171
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 9 2005
Impact:   Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.2.0 and 6.0.0
Description:   A vulnerability was reported in IBM Tivoli Directory Server. A remote user may be able to modify or delete directory data on the target system.

An unspecified vulnerability exists in the server's slapd daemon. A user can gain unauthorized access to the directory server to modify or delete directory data.

The vendor discovered this vulnerability.

[Editor's note: It is not clear whether the remote user must be authenticated or not.]

Impact:   A remote user may be able to modify or delete directory data.
Solution:   The vendor has issued a fix.

For Version 5.2.0: APAR IO02697 or earlier (This will update ITDS to fixpack 3): (Contact the IBM Tivoli Support organization)

For Version 6.0.0: APAR IO02714

The vendor's advisory is available at:

The vendor indicates that the system may not be vulnerable if the directory server is set to use SSL only with SSL Client Server authentication but still strongly recommends that all customers apply the appropriate update.

Vendor URL: (Links to External Site)
Cause:   Access control error, Authentication error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (2000)

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, LLC