CVE-2009-3090
https://notcve.org/view.php?id=CVE-2009-3090
Unspecified vulnerability in IBM Tivoli Directory Server (TDS) 6.0 on Linux allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Vulnerabilidad no especificada en IBM Tivoli Directory Server (TDS) v6.0 para Linux permite a atacantes remotos provocar una denegación de servicio mediante vectores no especificados, como se ha demostrado por cierto módulo en VulnDisco Pack Professional 8.11. NOTA: hasta el 3-3-2009, esta divulgación no tenía información para su puesta en práctica. • http://intevydis.com/vd-list.shtml http://secunia.com/advisories/36565 •
CVE-2009-3089
https://notcve.org/view.php?id=CVE-2009-3089
IBM Tivoli Directory Server (TDS) 6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors, related to (1) the ibmslapd.exe daemon on Windows and (2) the ibmdiradm daemon in the administration server on Linux, as demonstrated by certain modules in VulnDisco Pack Professional 8.11, a different vulnerability than CVE-2006-0717. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. IBM Tivoli Directory Server (TDS) v6.0 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo y fin del demonio) mediante vectores no especificados, relacionados con (1) el demonio "ibmslapd.exe" para Windows y (2) el demonio "ibmdiradm" en el servidor de administración para Linux, como se ha demostrado por cierto módulo en VulnDisco Pack Professional v8.11, siendo una vulnerabilidad diferente a CVE-2006-0717. NOTA: hasta el 3-3-2009, esta divulgación no tenía información para su puesta en práctica. • http://intevydis.com/vd-list.shtml http://secunia.com/advisories/36565 •
CVE-2008-2943 – IBM Tivoli Directory Server 6.1.x - Adding 'ibm-globalAdminGroup' Entry Denial of Service
https://notcve.org/view.php?id=CVE-2008-2943
Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 through 6.1.0.15 allows remote authenticated administrators to cause a denial of service (ABEND) and possibly execute arbitrary code by using ldapadd to attempt to create a duplicate ibm-globalAdminGroup LDAP database entry. NOTE: the vendor states "There is no real risk of a vulnerability," although there are likely scenarios in which a user is allowed to make administrative LDAP requests but does not have the privileges to stop the server. Vulnerabilidad de doble libreación en IBM Tivoli Directory Server (TDS) 6.1.0.0 hasta 6.1.0.15 que permite a los administradores la autenticación remota para causar una denegación de servicios (ABEND) y posiblemente ejecutar códico arbitrario utilizando ldapadd para conseguir crear un duplicado en la base de datos de entrada ibm-globalAdminGroup LDAP. NOTA: el vendedor declara "no hya un riesgo real de vulnerabilidad", aunque hay posibles escenarios en los que un usuario puede hacer peticiones al LDAP administrativo pero no tiene privilegios para parar el servidor • https://www.exploit-db.com/exploits/31999 http://secunia.com/advisories/30786 http://www-1.ibm.com/support/docview.wss?uid=swg1IO09113 http://www.securityfocus.com/bid/30010 http://www.vupen.com/english/advisories/2008/1970 https://exchange.xforce.ibmcloud.com/vulnerabilities/43465 • CWE-399: Resource Management Errors •
CVE-2006-0717 – IBM Tivoli Directory Server 6.0 - LDAP Memory Corruption
https://notcve.org/view.php?id=CVE-2006-0717
IBM Tivoli Directory Server 6.0 allows remote attackers to cause a denial of service (crash) via a crafted LDAP request, as demonstrated by test 2532 in the ProtoVer Sample LDAP test suite. • https://www.exploit-db.com/exploits/27196 http://lists.immunitysec.com/pipermail/dailydave/2006-February/002921.html http://secunia.com/advisories/18779 http://securitytracker.com/id?1015653 http://www-1.ibm.com/support/docview.wss?uid=swg21230820 http://www.securityfocus.com/bid/16593 http://www.vupen.com/english/advisories/2006/0537 https://exchange.xforce.ibmcloud.com/vulnerabilities/24619 •
CVE-2005-3567
https://notcve.org/view.php?id=CVE-2005-3567
slapd daemon in IBM Tivoli Directory Server (ITDS) 5.2.0 and 6.0.0 binds using SASL EXTERNAL, which allows attackers to bypass authentication and modify and delete directory data via unknown attack vectors. • http://secunia.com/advisories/17484 http://securitytracker.com/id?1015171 http://www-1.ibm.com/support/docview.wss?rs=767&context=SSVJJU&dc=D400&uid=swg24010819&loc=en_US&cs=UTF-8&lang=en http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVAIX53SECUR081510_247 http://www-1.ibm.com/support/docview.wss?uid=swg21222159 http://www-1.ibm.com/support/search.wss? • CWE-264: Permissions, Privileges, and Access Controls •