IBM Information for VU#505564
IBM SecureWay Directory is vulnerable to denial-of-service attacks via LDAP handling code
- Date Notified: 01 Jun 2001
- Statement Date:
- Date Updated: 20 May 2002
Status
Affected
Vendor Statement
IBM and Tivoli are currently investigating the details of the vulnerabilities in the various versions of the SecureWay product family.
Fixes are being implemented as these details become known.
Fixes will be posted to the download sites (IBM or Tivoli) for the affected platform. See http://www-1.ibm.com/support under "Server Downloads" or "Software Downloads" for links to the fix distribution sites.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Vendor References
None
Addendum
IBM has provided the following details regarding these vulnerabilities:
| Platform | Failed Test Cases (index#/category) | Failure Symptoms |
|---|---|---|
| Solaris | #136/E0 encoding exception - invalid encodings for L field of BER encoding. | Server crash |
| Solaris | #6119/O7 application exception - large number of continuous attributes offered to attribute field. | Server crash |
| Windows 2000 | #452/E0 encoding exception - invalid encodings for L field of BER encoding. | Server crash |
| Windows 2000 | #5554/O4 application exception - large number of continuous initial substring offered to substring filter. | Server crash |
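A strict decoder for the BER L (length) field named in test cases #136 and #452, written in C as an added example; it is not IBM's or CERT/CC's code. The function name, the status codes and the four-octet cap are assumptions chosen for illustration, and the sample bytes in `main` are constructed.

```c
#include <stddef.h>
#include <stdint.h>

enum ber_status { BER_OK = 0, BER_TRUNCATED, BER_INDEFINITE, BER_RESERVED,
                  BER_TOO_LONG, BER_OVERRUN };   /* illustrative names */

/* Decode the L field at buf[0]; n is the number of bytes remaining after the
 * tag octet. On BER_OK, *len is the content length and *used is the number of
 * octets the L field itself occupied. */
enum ber_status ber_read_length(const uint8_t *buf, size_t n,
                                size_t *len, size_t *used)
{
    if (n == 0)
        return BER_TRUNCATED;
    uint8_t first = buf[0];
    if ((first & 0x80) == 0) {            /* short form: 0..127 */
        *len = first;
        *used = 1;
    } else {
        size_t count = first & 0x7F;      /* number of length octets */
        if (count == 0)
            return BER_INDEFINITE;        /* 0x80: LDAP allows only definite form */
        if (count == 0x7F)
            return BER_RESERVED;          /* 0xFF is reserved by X.690 */
        if (count > sizeof(uint32_t))
            return BER_TOO_LONG;          /* assumed policy cap: 4 length octets */
        if (count > n - 1)
            return BER_TRUNCATED;         /* length octets run past the input */
        size_t value = 0;
        for (size_t i = 1; i <= count; i++)
            value = (value << 8) | buf[i];
        *len = value;
        *used = 1 + count;
    }
    /* The declared content must fit in what was actually received. */
    if (*len > n - *used)
        return BER_OVERRUN;
    return BER_OK;
}

int main(void)
{
    /* Constructed sample: long form claiming 256 content bytes, none present. */
    const uint8_t sample[] = {0x82, 0x01, 0x00};
    size_t len = 0, used = 0;
    return ber_read_length(sample, sizeof sample, &len, &used) == BER_OVERRUN ? 0 : 1;
}
```

Callers should treat every status other than `BER_OK` as a protocol error and stop parsing the message before any buffer is sized or copied from the decoded length.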