IBM Tivoli Directory Server Double-Free Vulnerability
Written by Rebecca Mints   
Monday, 30 June 2008 05:36

A vulnerability has been reported in IBM Tivoli Directory Server, which can be exploited by malicious users to cause a DoS (Denial of Service).

The vulnerability is caused by a double-free error when handling certain requests and can be exploited by, for example, adding a certain existing entry via ldapadd.

Successful exploitation can crash the server and potentially allow arbitrary code execution, but requires LDAP administrator privileges.

The vulnerability is reported in versions 6.1.0.0 - 6.1.0.15.

Solution:
Update to 6.1.0-TIV-ITDS-FP0002.
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24019673

Original Advisory:
http://www-1.ibm.com/support/docview.wss?uid=swg1IO09113