IBM Tivoli Directory Server Unspecified Security Bypass Vulnerability - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

IBM Tivoli Directory Server Unspecified Security Bypass Vulnerability

Secunia Advisory:	SA17484
Release Date:	2005-11-09
Last Update:	2005-11-24

Critical:	Moderately critical
Impact:	Security Bypass
Where:	From local network
Solution Status:	Vendor Patch

OS:	AIX 5.x

Software:	DB2 Content Manager 8.x IBM Tivoli Access Manager for Business Integration 5.x IBM Tivoli Access Manager for e-business 5.x IBM Tivoli Access Manager for Operating Systems 5.x IBM Tivoli Directory Integrator 5.x IBM Tivoli Directory Integrator 6.x IBM Tivoli Directory Server 5.x IBM Tivoli Directory Server 6.x IBM Tivoli Federated Identity Manager 6.x IBM Tivoli Identity Manager 4.x IBM Tivoli Intelligent Orchestrator 3.x IBM Tivoli Provisioning Manager 2.x IBM Tivoli Provisioning Manager 3.x IBM WebSphere Business Integration for Healthcare Collaborative Network 1.x IBM WebSphere Portal for Multiplatforms 4.x IBM WebSphere Portal for Multiplatforms 5.x

	Want to know the next time vulnerabilities are fixed in this product? - Companies can be alerted via email and SMS!

Description: A vulnerability has been reported in IBM Tivoli Directory Server (ITDS), which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an unspecified error and can be exploited to change, modify and/or delete directory data stored in the IBM Tivoli Directory Server. The vulnerability has been reported in version 5.2.0 and 6.0.0. ITDS is included with the following products: * Tivoli Identity Manager version 4.6 (ITDS version 6.0.0). * Tivoli Access Manager for Business Integration (AMBI) version 5.1 (ITDS version 5.2.0). * Tivoli Access Manager for e-business (TAM) version 5.1 (ITDS version 5.2.0). * Tivoli Access Manager for Operating Systems (TAMOS) version 5.1 (ITDS version 5.2.0). * Tivoli Directory Integrator (ITDI) version 5.2 and version 6.0 (ITDS version 5.2.0). * Tivoli Federated Identity Manager version 6.0 (ITDS version 5.2.0). * Tivoli Intelligent ThinkDynamic Orchestrator, version 2.1.0 (ITDS version 5.2.0). * Tivoli Intelligent Orchestrator, version 3.1.0 (ITDS version 5.2.0). * Tivoli Provisioning Manager, version 2.1.0 (ITDS version 5.2.0). * Tivoli Provisioning Manager, version 3.1.0 (ITDS version 5.2.0). * WebSphere Business Integration for Healthcare Collaborative Network 1.0 * WebSphere Portal for Multiplatforms version 4.1.6, 4.2, 4.2.1, and 4.2.2 * WebSphere Portal for Multiplatforms version 5.0, 5.0.2, and 5.0.2.1 to 5.0.2.3, * WebSphere Portal for Multiplatforms version 5.1.0.1 and 5.1.0.2. * AIX 5.2 and 5.3. * DB2 Content Manager version 8.2 and 8.3. Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector. Solution: Apply patches. ITDS Version 5.2.0: Apply APAR IO02697. http://www-306.ibm.com/software/sysmgmt/products/support/ ITDS Version 5.2.0.3-TIV-ITDS-IF0001 or earlier (This will update ITDS to fixpack 3): Apply cumulative interim fix 1. http://www-1.ibm.com/support/docview.wss?uid=swg24010820 ITDS Version 5.2.0.3-TIV-ITDS-IF0007: Apply cumulative interim fix 7. http://www-1.ibm.com/support/docview.wss?uid=swg24010821 ITDS Version 5.2.0.3-TIV-ITDS-LA0011: Contact IBM Tivoli Support organization. ITDS Version 6.0.0: Apply APAR IO02714. http://www-306.ibm.com/software/sysmgmt/products/support/ ITDS Version 6.0.0.1-TIV-ITDS-IF0001: Apply cumulative interim fix 1. http://www-1.ibm.com/support/docview.wss?uid=swg24010819 AIX Version 5 APARs can be downloaded from: http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html Provided and/or discovered by: Reported by vendor. Changelog: 2005-11-10: Updated list of affected products. Updated "Description" and "Original Advisory" sections. 2005-11-15: Updated list of affected products. Updated "Description", "Solution" and "Original Advisory" sections. 2005-11-18: Added link to US-CERT vulnerability note. 2005-11-24: Updated list of affected products. Updated "Description" and "Original Advisory" sections. Original Advisory: http://www-1.ibm.com/support/docview.wss?uid=swg21222172 http://www-1.ibm.com/support/docview.wss?uid=swg21222159 http://www-1.ibm.com/support/docview.wss?uid=swg21221665 http://www-1.ibm.com/support/docview.wss?uid=swg21222123 http://www-1.ibm.com/support/docview.wss?uid=swg21222124 http://www-1.ibm.com/support/docview.wss?uid=swg21222125 http://www-1.ibm.com/support/docview.wss?uid=swg21222126 http://www-1.ibm.com/support/docview.wss?uid=swg21222127 http://www-1.ibm.com/support/docview.wss?uid=swg21222128 http://www-1.ibm.com/support/docview.wss?uid=swg21222129 http://www-1.ibm.com/support/docview.wss?uid=swg21222130 http://www-1.ibm.com/support/docview.wss?uid=swg21222131 http://www-1.ibm.com/support/docview.wss?uid=swg21222132 http://www-1.ibm.com/support/docview.wss?uid=swg21222133 http://www-1.ibm.com/support/docview.wss?uid=swg21222261 http://www-1.ibm.com/support/docview.wss?uid=swg21222262 http://www-1.ibm.com/support/docview.wss?uid=swg21222267 http://www-1.ibm.com/support/docview.wss?uid=swg21222319 http://www-1.ibm.com/support/docview.wss?uid=swg21222676 http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVAIX53SECUR081510_247 http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVAIX52SECUR081511_678 http://www-1.ibm.com/support/docview.wss?uid=swg21223586 Other References: US-CERT VU#194753: http://www.kb.cert.org/vuls/id/194753



Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

106 Related Secunia Security Advisories, displaying 10

1. IBM Tivoli Directory Server Double-Free Vulnerability

2. IBM AIX update for OpenSSH

3. IBM AIX ftpd "quote cwd" Full Path Disclosure Weakness

4. IBM AIX Multiple Vulnerabilities

5. IBM DB2 Content Manager AllowedTrustedLogin Security Issue

6. IBM AIX Multiple Vulnerabilities

7. IBM AIX "reboot" Buffer Overflow Vulnerability

8. AIX "man" Insecure Program Execution Vulnerability

9. IBM AIX libc "inet_network()" Off-By-One Vulnerability

10. IBM AIX X Server Multiple Vulnerabilities

Show all related advisories

Send Feedback to Secunia

If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Mozilla Firefox Multiple Vulnerabilities

2.	Opera for Windows Unspecified Code Execution

3.	VLC Media Player WAV Processing Integer Overflow

4.	PCRE pcre_compile.c Buffer Overflow Vulnerability

5.	GNOME Glib PCRE pcre_compile.c Buffer Overflow Vulnerability

6.	Opera Canvas Functions Information Disclosure

7.	Internet Explorer 7 Frame Location Handling Vulnerability

8.	Mozilla Thunderbird Multiple Vulnerabilities

9.	UnixWare ReliantHA Privilege Escalation Vulnerabilities

10.	Fedora update for glib2