slapd daemon in IBM Tivoli Directory Server (ITDS) 5.2.0 and 6.0.0 binds using SASL EXTERNAL, which allows attackers to bypass authentication and modify and delete directory data via unknown attack vectors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Tivoli_directory_server | Ibm | 5.2.0 (including) | 5.2.0 (including) |
| Tivoli_directory_server | Ibm | 6.0 (including) | 6.0 (including) |
References
- http://secunia.com/advisories/17484
- http://securitytracker.com/id?1015171
- http://www-1.ibm.com/support/docview.wss?rs=767\u0026context=SSVJJU\u0026dc=D400\u0026uid=swg24010819\u0026loc=en_US\u0026cs=UTF-8\u0026lang=en
- http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVAIX53SECUR081510_247
- http://www-1.ibm.com/support/docview.wss?uid=swg21222159
- http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IO02697\u0026apar=only
- http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IO02714\u0026apar=only
- http://www.kb.cert.org/vuls/id/194753
- http://www.osvdb.org/20672
- http://www.securityfocus.com/bid/15367
- http://www.vupen.com/english/advisories/2005/2356
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22989
- http://secunia.com/advisories/17484
- http://securitytracker.com/id?1015171
- http://www-1.ibm.com/support/docview.wss?rs=767\u0026context=SSVJJU\u0026dc=D400\u0026uid=swg24010819\u0026loc=en_US\u0026cs=UTF-8\u0026lang=en
- http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVAIX53SECUR081510_247
- http://www-1.ibm.com/support/docview.wss?uid=swg21222159
- http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IO02697\u0026apar=only
- http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IO02714\u0026apar=only
- http://www.kb.cert.org/vuls/id/194753
- http://www.osvdb.org/20672
- http://www.securityfocus.com/bid/15367
- http://www.vupen.com/english/advisories/2005/2356
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22989