SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Directory)  >   IBM Tivoli Directory Server Vendors:   IBM
IBM Tivoli Directory Server Bugs Let Remote Users Execute Arbitrary Code and Local Privileged Users Obtain Potentially Sensitive Information
SecurityTracker Alert ID:  1025358
SecurityTracker URL:  http://securitytracker.com/id/1025358
CVE Reference:   CVE-2011-1206, CVE-2011-1820   (Links to External Site)
Updated:  Apr 22 2011
Original Entry Date:  Apr 14 2011
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.2, 6.0
Description:   Several vulnerabilities were reported in IBM Tivoli Directory Server. A remote user can execute arbitrary code on the target system. A local user can obtain potentially sensitive information.

A remote user can execute arbitrary code on the target system (APAR IO14045 and IO14046)

A local user with privileges to view the audit log or server trace can obtain potentially sensitive information (APAR IO14043 and IO14044).
Impact:   A remote user can execute arbitrary code on the target system.

A local user can obtain potentially sensitive information.
Solution:   The vendor has issued a fix (5.2.0.5-TIV-ITDS-IF0010, 6.0.0.8-TIV-ITDS-IF0009).

The vendor's advisories are available at:

https://www-304.ibm.com/support/docview.wss?uid=swg24029663
https://www-304.ibm.com/support/docview.wss?uid=swg24029672
Vendor URL:  www-304.ibm.com/support/docview.wss?uid=swg24029663 (Links to External Site)
Cause:   Not specified
Underlying OS:   Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (2000)

Message History:   None.

 Source Message Contents
Date:  Thu, 14 Apr 2011 04:50:03 +0000
Subject:  IBM Tivoli Directory Server


APARs from 6.0.0.8-TIV-ITDS-IF0009 (6.0.0.67 / 3.0028):

APAR IO14043 (CMVC 111915 111948)
Mask sensitive data in audit log and server trace

APAR IO14045 (CMVC 111837 111889 111905)
TDS Remote Code Execution Vulnerability



APARs from 5.2.0.5-TIV-ITDS-IF0010:

APAR IO14044 (CMVC 111915 111948 111971)
Mask sensitive data in server trace

APAR IO14046 (CMVC 111837 111889 111905)
TDS Remote Code Execution Vulnerability


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC