VID | 12082
Severity | 40
Port | 389
Protocol | TCP
Class | LDAP
Detailed Description |
The IBM Tivoli Directory Server is affected by a denial-of-service vulnerability found with the ProtoVer LDAP test suite. IBM Tivoli Directory Server version 6.0 and earlier versions are vulnerable to a denial-of-service attack caused by a vulnerability in the LDAP (Lightweight Directory Access Protocol) implementation. By sending a specially crafted LDAP search request, a remote attacker could crash an affected LDAP service. It may also be possible to exploit this vulnerability to execute arbitrary code on the system. This vulnerability was discovered with test 2532 in the ProtoVer Sample LDAP test suite.
* References:
  http://www-1.ibm.com/support/docview.wss?uid=swg21230820
  http://lists.immunitysec.com/pipermail/dailydave/2006-February/002921.html
  http://www.frsirt.com/english/advisories/2006/0537
  http://secunia.com/advisories/18779/
  http://www.gleg.net/protover_ldap.shtml
* Platforms Affected:
  IBM Directory Server version 4.1 (all platforms except AIX)
  IBM Directory Server versions 5.1 and 5.2 (all platforms except AIX)
  IBM Directory Server version 6.0 (all platforms except AIX)
  Linux Any version
  Unix Any version |
Recommendation |
No upgrade or patch available as of February 2006.
Apply the appropriate patch when it becomes available from the IBM Web site at http://www-1.ibm.com/support/docview.wss?uid=swg21230820 |
Related URL | CVE-2006-0717 (CVE)
Related URL | 16593 (SecurityFocus)
Related URL | 24619 (ISS)