Release date:
Updated on:
Affected Systems:
IBM Tivoli Directory Server 6.x
Description:
--------------------------------------------------------------------------------
CVE ID: CVE-2010-4476
IBM Tivoli Directory Server is enterprise identity management software.
IBM Tivoli Directory Server has multiple implementation vulnerabilities that malicious users can exploit to expose sensitive information, cause a denial of service (DoS), or take control of affected systems.
1) The application is bundled with an affected version of IBM Java.
2) An error in ibmslapd.exe when processing certain requests may cause a stack buffer overflow.
3) When the backend server is configured for the audit extension operation, the TDS proxy server stores the user's password in plain text in the audit log.
<* Source: Francis Provencher
Link: http://www.ibm.com/support/docview.wss?uid=swg21474615
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IBM
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.ers.ibm.com/