CVE-2010-4216
https://notcve.org/view.php?id=CVE-2010-4216
IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 does not properly handle invalid buffer references in LDAP BER requests, which might allow remote attackers to cause a denial of service (daemon crash) via vectors involving a buffer that has a memory address near the maximum possible address. IBM Tivoli Directory Server (TDS) v6.0.0.x anterior a v6.0.0.8-TIV-ITDS-IF0007 no maneja adecuadamente las referencias inválidas de búfer en peticiones LDAP BER, lo que podría permitir a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de vectores involucrados con un búfer que tiene una dirección de memoria próxima a la dirección máxima psible. • http://secunia.com/advisories/42116 http://www.ibm.com/support/docview.wss?uid=swg1IO13306 http://www.securityfocus.com/bid/44604 http://www.vupen.com/english/advisories/2010/2863 https://exchange.xforce.ibmcloud.com/vulnerabilities/62977 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-2927
https://notcve.org/view.php?id=CVE-2010-2927
The slapi_printmessage function in IBM Tivoli Directory Server (ITDS) before 6.0.0.8-TIV-ITDS-IF0006 allows remote attackers to cause a denial of service (daemon crash) via multiple incomplete DIGEST-MD5 connection attempts. La función slapi_printmessage en IBM Tivoli Directory Server (ITDS) en versiones anteriores a la 6.0.0.8-TIV-ITDS-IF0006, permite a atacantes remotos provocar una denegación de servicio (caída del demonio) mediante múltiples intentos de conexión DIGEST-MD5 incompletos. • http://osvdb.org/66782 http://secunia.com/advisories/40791 http://www-01.ibm.com/support/docview.wss?uid=swg1IO12399 http://www-01.ibm.com/support/docview.wss?uid=swg24027463 http://www.securityfocus.com/bid/42093 https://exchange.xforce.ibmcloud.com/vulnerabilities/60821 • CWE-287: Improper Authentication •
CVE-2009-3088
https://notcve.org/view.php?id=CVE-2009-3088
Heap-based buffer overflow in ibmdiradm in IBM Tivoli Directory Server (TDS) 6.0 on Linux allows remote attackers to have an unspecified impact via unknown vectors that trigger heap corruption, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Desbordamiento de búfer basado en memoria dinámica en ibmdiradm de IBM Tivoli Directory Server (TDS) v6.0 en Linux permite a atacantes remotos tener un impacto sin especificar a través de vectores de ataque desconocidos que provocan una corrupción de la memoria dinámica, tal como se ha demostrado por ciertos módulos en VulnDisco Pack Professional 8.11. NOTA: a fecha de 03/09/2009, esta información no es explotable. • http://intevydis.com/vd-list.shtml http://secunia.com/advisories/36565 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-3090
https://notcve.org/view.php?id=CVE-2009-3090
Unspecified vulnerability in IBM Tivoli Directory Server (TDS) 6.0 on Linux allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Vulnerabilidad no especificada en IBM Tivoli Directory Server (TDS) v6.0 para Linux permite a atacantes remotos provocar una denegación de servicio mediante vectores no especificados, como se ha demostrado por cierto módulo en VulnDisco Pack Professional 8.11. NOTA: hasta el 3-3-2009, esta divulgación no tenía información para su puesta en práctica. • http://intevydis.com/vd-list.shtml http://secunia.com/advisories/36565 •
CVE-2009-3089
https://notcve.org/view.php?id=CVE-2009-3089
IBM Tivoli Directory Server (TDS) 6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors, related to (1) the ibmslapd.exe daemon on Windows and (2) the ibmdiradm daemon in the administration server on Linux, as demonstrated by certain modules in VulnDisco Pack Professional 8.11, a different vulnerability than CVE-2006-0717. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. IBM Tivoli Directory Server (TDS) v6.0 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo y fin del demonio) mediante vectores no especificados, relacionados con (1) el demonio "ibmslapd.exe" para Windows y (2) el demonio "ibmdiradm" en el servidor de administración para Linux, como se ha demostrado por cierto módulo en VulnDisco Pack Professional v8.11, siendo una vulnerabilidad diferente a CVE-2006-0717. NOTA: hasta el 3-3-2009, esta divulgación no tenía información para su puesta en práctica. • http://intevydis.com/vd-list.shtml http://secunia.com/advisories/36565 •