IBM Tivoli Directory Server Paged Search Request Processing Error Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1026938 |
|
SecurityTracker URL: http://securitytracker.com/id/1026938
|
|
CVE Reference:
CVE-2012-0743
(Links to External Site)
|
Date: Apr 18 2012
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 6.1, 6.2, 6.3
|
Description:
A vulnerability was reported in IBM Tivoli Directory Server. A remote user can cause denial of service conditions.
A remote user can send a specially crafted request that uses one connection for two separate paged searches to cause the target LDAP service to crash.
Systems with paged searches enabled are affected.
|
Impact:
A remote user can cause the LDAP service to crash.
|
Solution:
The vendor has issued a fix.
6.1: APAR IO15707: 6.1.0.47-ISS-ITDS-IF0047
6.2: APAR IO16001: 6.2.0.22-ISS-ITDS-IF0022
6.3: APAR IO16002: 6.3.0.11-ISS-ITDS-IF0011
The vendor's advisory is available at:
http://www-01.ibm.com/support/docview.wss?uid=swg21591267
|
Vendor URL: www-01.ibm.com/support/docview.wss?uid=swg21591267 (Links to External Site)
|
Cause:
Not specified
|
Underlying OS:
Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (2003), Windows (2008)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 18 Apr 2012 02:27:48 +0000
Subject: IBM Tivoli Directory Server
|
http://www-01.ibm.com/support/docview.wss?uid=swg21591267
CVE-2012-0743
|
|
