IBM Tivoli Directory Server 拒绝服务漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1109732 漏洞类型
发布时间 2006-02-11 更新时间 2006-02-17
CVE编号 CVE-2006-0717 CNNVD-ID CNNVD-200602-221
漏洞平台 Multiple CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/27196
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200602-221
|漏洞详情
IBMTivoliDirectoryServer6.0可使远程攻击者借助特制LDAP请求造成拒绝服务(崩溃),如ProtoVerSampleLDAP测试套件中的测试2532演示的那样。
|漏洞EXP
source: http://www.securityfocus.com/bid/16593/info

IBM Tivoli Directory Server is prone to an unspecified memory corruption. This issue may be triggered by malformed LDAP data.

The exact impact of this vulnerability is not known at this time. Although the issue is known to crash the server, the possibility of remote code execution is unconfirmed.

The vulnerability was reported for version 6.0 on the Linux platform. Other versions or platforms are not known to be affected.

This vulnerability will be updated as further information is made available.

This issue can be reproduced by running the following command for the ProtoVer Sample LDAP testsuite:

./run.py localhost 389 2532 1
|参考资料

来源:XF
名称:tivoli-directory-ldap-dos(24619)
链接:http://xforce.iss.net/xforce/xfdb/24619
来源:BID
名称:16593
链接:http://www.securityfocus.com/bid/16593
来源:VUPEN
名称:ADV-2006-0537
链接:http://www.frsirt.com/english/advisories/2006/0537
来源:SECUNIA
名称:18779
链接:http://secunia.com/advisories/18779
来源:MLIST
名称:[Dailydave]20060211IBMTivoliDirectoryServer0day
链接:http://lists.immunitysec.com/pipermail/dailydave/2006-February/002921.html
来源:www-1.ibm.com
链接:http://www-1.ibm.com/support/docview.wss?uid=swg21230820
来源:SECTRACK
名称:1015653
链接:http://securitytracker.com/id?1015653