|
 |
|
IBM Tivoli Directory Server Unspecified Security Bypass Vulnerability
|
|
|
|
|
Secunia Advisory:
|
SA17484
|
|
|
Release Date:
|
2005-11-09
|
|
Last Update:
|
2005-11-24
|
|
|
Critical:
|

Moderately critical
|
|
Impact:
|
Security Bypass
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | AIX 5.x
|
| | Software: | DB2 Content Manager 8.x IBM Tivoli Access Manager for Business Integration 5.x IBM Tivoli Access Manager for e-business 5.x IBM Tivoli Access Manager for Operating Systems 5.x IBM Tivoli Directory Integrator 5.x IBM Tivoli Directory Integrator 6.x IBM Tivoli Directory Server 5.x IBM Tivoli Directory Server 6.x IBM Tivoli Federated Identity Manager 6.x IBM Tivoli Identity Manager 4.x IBM Tivoli Intelligent Orchestrator 3.x IBM Tivoli Provisioning Manager 2.x IBM Tivoli Provisioning Manager 3.x IBM WebSphere Business Integration for Healthcare Collaborative Network 1.x IBM WebSphere Portal for Multiplatforms 4.x IBM WebSphere Portal for Multiplatforms 5.x
|
|
|
Want to know the next time vulnerabilities are fixed in this product? - Companies can be alerted via email and SMS! |
|
|
Description: A vulnerability has been reported in IBM Tivoli Directory Server (ITDS), which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to an unspecified error and can be exploited to change, modify and/or delete directory data stored in the IBM Tivoli Directory Server.
The vulnerability has been reported in version 5.2.0 and 6.0.0.
ITDS is included with the following products:
* Tivoli Identity Manager version 4.6 (ITDS version 6.0.0).
* Tivoli Access Manager for Business Integration (AMBI) version 5.1 (ITDS version 5.2.0).
* Tivoli Access Manager for e-business (TAM) version 5.1 (ITDS version 5.2.0).
* Tivoli Access Manager for Operating Systems (TAMOS) version 5.1 (ITDS version 5.2.0).
* Tivoli Directory Integrator (ITDI) version 5.2 and version 6.0 (ITDS version 5.2.0).
* Tivoli Federated Identity Manager version 6.0 (ITDS version 5.2.0).
* Tivoli Intelligent ThinkDynamic Orchestrator, version 2.1.0 (ITDS version 5.2.0).
* Tivoli Intelligent Orchestrator, version 3.1.0 (ITDS version 5.2.0).
* Tivoli Provisioning Manager, version 2.1.0 (ITDS version 5.2.0).
* Tivoli Provisioning Manager, version 3.1.0 (ITDS version 5.2.0).
* WebSphere Business Integration for Healthcare Collaborative Network 1.0
* WebSphere Portal for Multiplatforms version 4.1.6, 4.2, 4.2.1, and 4.2.2
* WebSphere Portal for Multiplatforms version 5.0, 5.0.2, and 5.0.2.1 to 5.0.2.3,
* WebSphere Portal for Multiplatforms version 5.1.0.1 and 5.1.0.2.
* AIX 5.2 and 5.3.
* DB2 Content Manager version 8.2 and 8.3.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Solution: Apply patches.
ITDS Version 5.2.0:
Apply APAR IO02697.
http://www-306.ibm.com/software/sysmgmt/products/support/
ITDS Version 5.2.0.3-TIV-ITDS-IF0001 or earlier (This will update ITDS to fixpack 3):
Apply cumulative interim fix 1.
http://www-1.ibm.com/support/docview.wss?uid=swg24010820
ITDS Version 5.2.0.3-TIV-ITDS-IF0007:
Apply cumulative interim fix 7.
http://www-1.ibm.com/support/docview.wss?uid=swg24010821
ITDS Version 5.2.0.3-TIV-ITDS-LA0011:
Contact IBM Tivoli Support organization.
ITDS Version 6.0.0:
Apply APAR IO02714.
http://www-306.ibm.com/software/sysmgmt/products/support/
ITDS Version 6.0.0.1-TIV-ITDS-IF0001:
Apply cumulative interim fix 1.
http://www-1.ibm.com/support/docview.wss?uid=swg24010819
AIX Version 5 APARs can be downloaded from:
http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html
Provided and/or discovered by: Reported by vendor.
Changelog: 2005-11-10: Updated list of affected products. Updated "Description" and "Original Advisory" sections.
2005-11-15: Updated list of affected products. Updated "Description", "Solution" and "Original Advisory" sections.
2005-11-18: Added link to US-CERT vulnerability note.
2005-11-24: Updated list of affected products. Updated "Description" and "Original Advisory" sections.
Original Advisory: http://www-1.ibm.com/support/docview.wss?uid=swg21222172
http://www-1.ibm.com/support/docview.wss?uid=swg21222159
http://www-1.ibm.com/support/docview.wss?uid=swg21221665
http://www-1.ibm.com/support/docview.wss?uid=swg21222123
http://www-1.ibm.com/support/docview.wss?uid=swg21222124
http://www-1.ibm.com/support/docview.wss?uid=swg21222125
http://www-1.ibm.com/support/docview.wss?uid=swg21222126
http://www-1.ibm.com/support/docview.wss?uid=swg21222127
http://www-1.ibm.com/support/docview.wss?uid=swg21222128
http://www-1.ibm.com/support/docview.wss?uid=swg21222129
http://www-1.ibm.com/support/docview.wss?uid=swg21222130
http://www-1.ibm.com/support/docview.wss?uid=swg21222131
http://www-1.ibm.com/support/docview.wss?uid=swg21222132
http://www-1.ibm.com/support/docview.wss?uid=swg21222133
http://www-1.ibm.com/support/docview.wss?uid=swg21222261
http://www-1.ibm.com/support/docview.wss?uid=swg21222262
http://www-1.ibm.com/support/docview.wss?uid=swg21222267
http://www-1.ibm.com/support/docview.wss?uid=swg21222319
http://www-1.ibm.com/support/docview.wss?uid=swg21222676
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVAIX53SECUR081510_247
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVAIX52SECUR081511_678
http://www-1.ibm.com/support/docview.wss?uid=swg21223586
Other References: US-CERT VU#194753:
http://www.kb.cert.org/vuls/id/194753
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
106 Related Secunia Security Advisories, displaying 10
|
|
|
1. IBM Tivoli Directory Server Double-Free Vulnerability
|
|
2. IBM AIX update for OpenSSH
|
|
3. IBM AIX ftpd "quote cwd" Full Path Disclosure Weakness
|
|
4. IBM AIX Multiple Vulnerabilities
|
|
5. IBM DB2 Content Manager AllowedTrustedLogin Security Issue
|
|
6. IBM AIX Multiple Vulnerabilities
|
|
7. IBM AIX "reboot" Buffer Overflow Vulnerability
|
|
8. AIX "man" Insecure Program Execution Vulnerability
|
|
9. IBM AIX libc "inet_network()" Off-By-One Vulnerability
|
|
10. IBM AIX X Server Multiple Vulnerabilities
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|

|
 |
Secunia PSI Scan | Patch | Track Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|