CVE-2008-2943

Description

Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 through 6.1.0.15 allows remote authenticated administrators to cause a denial of service (ABEND) and possibly execute arbitrary code by using ldapadd to attempt to create a duplicate ibm-globalAdminGroup LDAP database entry. NOTE: the vendor states "There is no real risk of a vulnerability," although there are likely scenarios in which a user is allowed to make administrative LDAP requests but does not have the privileges to stop the server.

Affected products

• ibm / tivoli_directory_server6.1.0.0 – 6.1.0.0
• ibm / tivoli_directory_server6.1.0.1 – 6.1.0.1
• ibm / tivoli_directory_server6.1.0.2 – 6.1.0.2
• ibm / tivoli_directory_server6.1.0.3 – 6.1.0.3
• ibm / tivoli_directory_server6.1.0.4 – 6.1.0.4
• ibm / tivoli_directory_server6.1.0.5 – 6.1.0.5
• ibm / tivoli_directory_server6.1.0.6 – 6.1.0.6
• ibm / tivoli_directory_server6.1.0.7 – 6.1.0.7
• ibm / tivoli_directory_server6.1.0.8 – 6.1.0.8
• ibm / tivoli_directory_server6.1.0.9 – 6.1.0.9
• ibm / tivoli_directory_server6.1.0.10 – 6.1.0.10
• ibm / tivoli_directory_server6.1.0.11 – 6.1.0.11
• ibm / tivoli_directory_server6.1.0.12 – 6.1.0.12
• ibm / tivoli_directory_server6.1.0.13 – 6.1.0.13
• ibm / tivoli_directory_server6.1.0.14 – 6.1.0.14
• ibm / tivoli_directory_server6.1.0.15 – 6.1.0.15

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/43465
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2008/1970
• MISChttp://www-1.ibm.com/support/docview.wss?uid=swg1IO09113
• MISChttp://www.securityfocus.com/bid/30010
• VENDOR_ADVISORYhttp://secunia.com/advisories/30786