National Cyber Awareness System

Vulnerability Summary for CVE-2008-2943

Overview

Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 through 6.1.0.15 allows remote authenticated administrators to cause a denial of service (ABEND) and possibly execute arbitrary code by using ldapadd to attempt to create a duplicate ibm-globalAdminGroup LDAP database entry. NOTE: the vendor states "There is no real risk of a vulnerability," although there are likely scenarios in which a user is allowed to make administrative LDAP requests but does not have the privileges to stop the server.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: XF

Name: tivoli-directory-ldapadd-dos(43465)

Hyperlink:http://xforce.iss.net/xforce/xfdb/43465

External Source: VUPEN

Name: ADV-2008-1970

Hyperlink:http://www.vupen.com/english/advisories/2008/1970

External Source: BID

Name: 30010

Hyperlink:http://www.securityfocus.com/bid/30010

External Source: AIXAPAR

Name: IO09113

Hyperlink:http://www-1.ibm.com/support/docview.wss?uid=swg1IO09113

External Source: SECUNIA

Name: 30786

Type: Advisory

Hyperlink:http://secunia.com/advisories/30786