Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

IBM Information for VU#505564

Date Notified06/01/2001
Date Modified12/12/2002 06:24:28 PM
Status SummaryVulnerable

Vendor Statement

IBM and Tivoli are currently investigating the details of the vulnerabilities in the various versions of the SecureWay product family.

Fixes are being implemented as these details become known.

Fixes will be posted to the download sites (IBM or Tivoli) for the affected platform. See http://www-1.ibm.com/support under "Server Downloads" or "Software Downloads" for links to the fix distribution sites.

US-CERT Addendum

IBM has provided the following details regarding these vulnerabilities:


Platform         Failed Test Cases(index#/category)       Failure Symptoms

Solaris          #136/E0 encoding exception-invalid       Server crash
                encodings for L field of BER
                encoding.

Solaris          #6119/O7 application exception           Server crash
                -large number of continuous
                attributes offered to attribute
                field.

Windows 2000     #452/E0 encoding exception               Server crash
                -invalid encodings for L
                field of BER encoding.

Windows 2000     #5554/O4 application exception-          Server crash
                large number of continuous
                initial substring offered to
                substring filter.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2008 by US-CERT, a government organization
Disclaimers and copyright information