CVE-2008-2943
IBM Tivoli Directory Server 6.1.x - Adding 'ibm-globalAdminGroup' Entry Denial of Service
Severity Score
6.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 through 6.1.0.15 allows remote authenticated administrators to cause a denial of service (ABEND) and possibly execute arbitrary code by using ldapadd to attempt to create a duplicate ibm-globalAdminGroup LDAP database entry. NOTE: the vendor states "There is no real risk of a vulnerability," although there are likely scenarios in which a user is allowed to make administrative LDAP requests but does not have the privileges to stop the server.
Vulnerabilidad de doble libreación en IBM Tivoli Directory Server (TDS) 6.1.0.0 hasta 6.1.0.15 que permite a los administradores la autenticación remota para causar una denegación de servicios (ABEND) y posiblemente ejecutar códico arbitrario utilizando ldapadd para conseguir crear un duplicado en la base de datos de entrada ibm-globalAdminGroup LDAP.
NOTA: el vendedor declara "no hya un riesgo real de vulnerabilidad", aunque hay posibles escenarios en los que un usuario puede hacer peticiones al LDAP administrativo pero no tiene privilegios para parar el servidor
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-06-30 CVE Reserved
- 2008-06-30 CVE Published
- 2008-06-30 First Exploit
- 2024-08-07 CVE Updated
- 2024-10-25 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-399: Resource Management Errors
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/30010 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2008/1970 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43465 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/31999 | 2008-06-30 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/30786 | 2017-08-08 | |
| http://www-1.ibm.com/support/docview.wss?uid=swg1IO09113 | 2017-08-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Tivoli Directory Server Search vendor "Ibm" for product "Tivoli Directory Server" | 6.1.0.0 Search vendor "Ibm" for product "Tivoli Directory Server" and version "6.1.0.0" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Directory Server Search vendor "Ibm" for product "Tivoli Directory Server" | 6.1.0.1 Search vendor "Ibm" for product "Tivoli Directory Server" and version "6.1.0.1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Directory Server Search vendor "Ibm" for product "Tivoli Directory Server" | 6.1.0.2 Search vendor "Ibm" for product "Tivoli Directory Server" and version "6.1.0.2" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Directory Server Search vendor "Ibm" for product "Tivoli Directory Server" | 6.1.0.3 Search vendor "Ibm" for product "Tivoli Directory Server" and version "6.1.0.3" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Directory Server Search vendor "Ibm" for product "Tivoli Directory Server" | 6.1.0.4 Search vendor "Ibm" for product "Tivoli Directory Server" and version "6.1.0.4" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Directory Server Search vendor "Ibm" for product "Tivoli Directory Server" | 6.1.0.5 Search vendor "Ibm" for product "Tivoli Directory Server" and version "6.1.0.5" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Directory Server Search vendor "Ibm" for product "Tivoli Directory Server" | 6.1.0.6 Search vendor "Ibm" for product "Tivoli Directory Server" and version "6.1.0.6" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Directory Server Search vendor "Ibm" for product "Tivoli Directory Server" | 6.1.0.7 Search vendor "Ibm" for product "Tivoli Directory Server" and version "6.1.0.7" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Directory Server Search vendor "Ibm" for product "Tivoli Directory Server" | 6.1.0.8 Search vendor "Ibm" for product "Tivoli Directory Server" and version "6.1.0.8" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Directory Server Search vendor "Ibm" for product "Tivoli Directory Server" | 6.1.0.9 Search vendor "Ibm" for product "Tivoli Directory Server" and version "6.1.0.9" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Directory Server Search vendor "Ibm" for product "Tivoli Directory Server" | 6.1.0.10 Search vendor "Ibm" for product "Tivoli Directory Server" and version "6.1.0.10" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Directory Server Search vendor "Ibm" for product "Tivoli Directory Server" | 6.1.0.11 Search vendor "Ibm" for product "Tivoli Directory Server" and version "6.1.0.11" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Directory Server Search vendor "Ibm" for product "Tivoli Directory Server" | 6.1.0.12 Search vendor "Ibm" for product "Tivoli Directory Server" and version "6.1.0.12" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Directory Server Search vendor "Ibm" for product "Tivoli Directory Server" | 6.1.0.13 Search vendor "Ibm" for product "Tivoli Directory Server" and version "6.1.0.13" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Directory Server Search vendor "Ibm" for product "Tivoli Directory Server" | 6.1.0.14 Search vendor "Ibm" for product "Tivoli Directory Server" and version "6.1.0.14" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Directory Server Search vendor "Ibm" for product "Tivoli Directory Server" | 6.1.0.15 Search vendor "Ibm" for product "Tivoli Directory Server" and version "6.1.0.15" | - |
Affected
| ||||||