Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.0
CVE Id CVE-2008-2943
Last Modified 07 Mar 2011 10:09:59
Published 30 Jun 2008 05:41:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-2943

Summary

Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 through 6.1.0.15 allows remote authenticated administrators to cause a denial of service (ABEND) and possibly execute arbitrary code by using ldapadd to attempt to create a duplicate ibm-globalAdminGroup LDAP database entry. NOTE: the vendor states "There is no real risk of a vulnerability," although there are likely scenarios in which a user is allowed to make administrative LDAP requests but does not have the privileges to stop the server.

Vulnerable Systems

Application

  • IBM Tivoli Directory Server 6.1.0.0

  • IBM Tivoli Directory Server 6.1.0.1

  • IBM Tivoli Directory Server 6.1.0.2

  • IBM Tivoli Directory Server 6.1.0.3

  • IBM Tivoli Directory Server 6.1.0.4

  • IBM Tivoli Directory Server 6.1.0.5

  • IBM Tivoli Directory Server 6.1.0.6

  • IBM Tivoli Directory Server 6.1.0.7

  • IBM Tivoli Directory Server 6.1.0.8

  • IBM Tivoli Directory Server 6.1.0.9

  • IBM Tivoli Directory Server 6.1.0.10

  • IBM Tivoli Directory Server 6.1.0.11

  • IBM Tivoli Directory Server 6.1.0.12

  • IBM Tivoli Directory Server 6.1.0.13

  • IBM Tivoli Directory Server 6.1.0.14

  • IBM Tivoli Directory Server 6.1.0.15


References

XF - tivoli-directory-ldapadd-dos(43465)

VUPEN - ADV-2008-1970

BID - 30010

AIXAPAR - IO09113

SECUNIA - 30786


Last Updated: 27 May 2016 10:48:02