IBM Affected

Notified: June 01, 2001 Updated: May 20, 2002



Vendor Statement

IBM and Tivoli are currently investigating the details of the vulnerabilities in the various versions of the SecureWay product family. Fixes are being implemented as these details become known. Fixes will be posted to the download sites (IBM or Tivoli) for the affected platform. See under "Server Downloads" or "Software Downloads" for links to the fix distribution sites.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


IBM has provided the following details regarding these vulnerabilities:

| Platform | Failed Test Cases (index#/category) | Failure Symptoms |
|---|---|---|
| Solaris | #136/E0 encoding exception - invalid encodings for L field of BER encoding. | Server crash |
| Solaris | #6119/O7 application exception - large number of continuous attributes offered to attribute field. | Server crash |
| Windows 2000 | #452/E0 encoding exception - invalid encodings for L field of BER encoding. | Server crash |
| Windows 2000 | #5554/O4 application exception - large number of continuous initial substring offered to substring filter. | Server crash |
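
The E0 rows above concern the L (length) field of a BER element. The following bounds-checked decoder for that field is an added example, not IBM's or SecureWay's code. The function and error-code names are this example's own, and it assumes definite-length encodings only, which is the form LDAP requires.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes for ber_read_length (names are this example's own). */
enum { BER_OK = 0, BER_TRUNCATED = -1, BER_INDEFINITE = -2,
       BER_TOO_WIDE = -3, BER_OVERRUN = -4 };

/* Decode the L field that follows a BER tag octet. buf/avail describe the
 * bytes remaining after the tag. On BER_OK, *len is the content length and
 * *used is the size of the L field itself. No content byte is ever read. */
int ber_read_length(const uint8_t *buf, size_t avail, size_t *len, size_t *used)
{
    if (avail == 0)
        return BER_TRUNCATED;
    uint8_t first = buf[0];
    if ((first & 0x80) == 0) {            /* short form: 0..127 */
        *len = first;
        *used = 1;
    } else {
        size_t n = first & 0x7f;          /* long form: n length octets follow */
        if (n == 0)
            return BER_INDEFINITE;        /* 0x80 = indefinite length, refused */
        if (n > sizeof(size_t))
            return BER_TOO_WIDE;          /* value would not fit in size_t */
        if (n > avail - 1)
            return BER_TRUNCATED;         /* the length octets are missing */
        size_t v = 0;
        for (size_t i = 0; i < n; i++)
            v = (v << 8) | buf[1 + i];
        *len = v;
        *used = 1 + n;
    }
    if (*len > avail - *used)             /* claimed content exceeds the buffer */
        return BER_OVERRUN;
    return BER_OK;
}

int main(void)
{
    /* Constructed inputs: a valid 3-byte value and a length that overruns. */
    const uint8_t good[] = { 0x03, 'a', 'b', 'c' };
    const uint8_t bad[]  = { 0x84, 0x7f, 0xff, 0xff, 0xff, 0x00 };
    size_t len, used;
    printf("good: %d\n", ber_read_length(good, sizeof good, &len, &used));
    printf("bad:  %d\n", ber_read_length(bad, sizeof bad, &len, &used));
    return 0;
}
```

Comparing the claimed length against `avail - *used` rather than adding it to an offset keeps the check itself free of integer overflow.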