IBM
Tivoli Directory Server Null Pointer Dereference DoS Vulnerability
Date Discovered:
01/14/2009
Severity:
High
Applications Affected:
IBM Tivoli Directory
Server 6.2
Type:
Remote
Identifiers:
CVE-2010-0312
Synopsis
IBM
Tivoli Directory Server is prone to remote denial of service
vulnerability, which could be exploited to cause denial of service
condition in security context of logged-in user.
Recommended Actions
Allow only trusted users.
Threat Analysis
IBM Tivoli Directory Server previously
recognized as IBM Directory Server. IBM Tivoli Directory Server is a
powerful and security-rich enterprise directory for business intranets
and the Internet.
IBM Tivoli Directory Server is prone to remote denial of service
vulnerability. This vulnerability exists in
“do_extendedOp” function in ibmslapd in IBM Tivoli
Directory Server via crafted SecureWay Event Registration Request.
Successful exploitation allows remote attackers to cause the
target ibmslapd daemon to crash, resulting in denial
of
service condition.
