IBM Information for VU#505564

IBM SecureWay Directory is vulnerable to denial-of-service attacks via LDAP handling code



Vendor Statement

IBM and Tivoli are currently investigating the details of the vulnerabilities in the various versions of the SecureWay product family.

Fixes are being implemented as these details become known.

Fixes will be posted to the download sites (IBM or Tivoli) for the affected platform. See under "Server Downloads" or "Software Downloads" for links to the fix distribution sites.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



IBM has provided the following details regarding these vulnerabilities:

Platform         Failed Test Cases(index#/category)       Failure Symptoms

Solaris          #136/E0 encoding exception-invalid       Server crash
                encodings for L field of BER

Solaris          #6119/O7 application exception           Server crash
                -large number of continuous
                attributes offered to attribute

Windows 2000     #452/E0 encoding exception               Server crash
                -invalid encodings for L
                field of BER encoding.

Windows 2000     #5554/O4 application exception-          Server crash
                large number of continuous
                initial substring offered to
                substring filter.

If you have feedback, comments, or additional information about this vulnerability, please send us email.