IBM Information for VU#505564
IBM SecureWay Directory is vulnerable to denial-of-service attacks via LDAP handling code
- Vendor Information Help Date Notified: 01 Jun 2001
- Statement Date:
- Date Updated: 20 May 2002
IBM and Tivoli are currently investigating the details of the vulnerabilities in the various versions of the SecureWay product family.
Fixes are being implemented as these details become known.
Fixes will be posted to the download sites (IBM or Tivoli) for the affected platform. See http://www-1.ibm.com/support under "Server Downloads" or "Software Downloads" for links to the fix distribution sites.
The vendor has not provided us with any further information regarding this vulnerability.
IBM has provided the following details regarding these vulnerabilities:
Platform Failed Test Cases(index#/category) Failure Symptoms
Solaris #136/E0 encoding exception-invalid Server crash
encodings for L field of BER
Solaris #6119/O7 application exception Server crash
-large number of continuous
attributes offered to attribute
Windows 2000 #452/E0 encoding exception Server crash
-invalid encodings for L
field of BER encoding.
Windows 2000 #5554/O4 application exception- Server crash
large number of continuous
initial substring offered to
If you have feedback, comments, or additional information about this vulnerability, please send us email.