TITLE:
IBM Tivoli Directory Server Unspecified Security Bypass Vulnerability
SECUNIA ADVISORY ID:
SA17484
VERIFY ADVISORY:
http://secunia.com/advisories/17484/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass
WHERE:
From local network
SOFTWARE:
IBM Tivoli Identity Manager 4.x
http://secunia.com/product/6076/
IBM Tivoli Federated Identity Manager 6.x
http://secunia.com/product/6080/
IBM Tivoli Access Manager for Business Integration 5.x
http://secunia.com/product/3541/
IBM Tivoli Access Manager for e-business 5.x
http://secunia.com/product/3529/
IBM Tivoli Access Manager for Operating Systems 5.x
http://secunia.com/product/6077/
IBM Tivoli Directory Integrator 5.x
http://secunia.com/product/6078/
IBM Tivoli Directory Integrator 6.x
http://secunia.com/product/6079/
IBM Tivoli Directory Server 5.x
http://secunia.com/product/3540/
IBM Tivoli Directory Server 6.x
http://secunia.com/product/6075/
DESCRIPTION:
A vulnerability has been reported in IBM Tivoli Directory Server
(ITDS), which can be exploited by malicious people to bypass certain
security restrictions.
The vulnerability is caused due to an unspecified error and can be
exploited to change, modify and/or delete directory data stored in
the IBM Tivoli Directory Server.
The vulnerability has been reported in version 5.2.0 and 6.0.0.
ITDS is included with the following products:
* Tivoli Identity Manager version 4.6 (ITDS version 6.0.0).
* Tivoli Access Manager for Business Integration (AMBI) version 5.1
(ITDS version 5.2.0).
* Tivoli Access Manager for e-business (TAM) version 5.1 (ITDS
version 5.2.0).
* Tivoli Access Manager for Operating Systems (TAMOS) version 5.1
(ITDS version 5.2.0).
* Tivoli Directory Integrator (ITDI) version 5.2 and version 6.0
(ITDS version 5.2.0).
* Tivoli Federated Identity Manager version 6.0 (ITDS version 5.2.0).
SOLUTION:
Apply patches.
ITDS Version 5.2.0:
Apply APAR IO02697.
ITDS Version 5.2.0.3-TIV-ITDS-IF0001 or earlier (This will update
ITDS to fixpack 3):
Apply cumulative interim fix 1.
http://www-1.ibm.com/support/docview.wss?uid=swg24010820
ITDS Version 5.2.0.3-TIV-ITDS-IF0007:
Apply cumulative interim fix 7.
http://www-1.ibm.com/support/docview.wss?uid=swg24010821
ITDS Version 5.2.0.3-TIV-ITDS-LA0011:
Contact IBM Tivoli Support organization.
ITDS Version 6.0.0:
Apply APAR IO02714.
ITDS Version 6.0.0.1-TIV-ITDS-IF0001:
Apply cumulative interim fix 1.
http://www-1.ibm.com/support/docview.wss?uid=swg24010819
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://www-1.ibm.com/support/docview.wss?uid=swg21222172
http://www-1.ibm.com/support/docview.wss?uid=swg21222159
http://www-1.ibm.com/support/docview.wss?uid=swg21221665
http://www-1.ibm.com/support/docview.wss?uid=swg21222123
http://www-1.ibm.com/support/docview.wss?uid=swg21222124
http://www-1.ibm.com/support/docview.wss?uid=swg21222125
http://www-1.ibm.com/support/docview.wss?uid=swg21222126
http://www-1.ibm.com/support/docview.wss?uid=swg21222127
http://www-1.ibm.com/support/docview.wss?uid=swg21222128
http://www-1.ibm.com/support/docview.wss?uid=swg21222129
http://www-1.ibm.com/support/docview.wss?uid=swg21222130
http://www-1.ibm.com/support/docview.wss?uid=swg21222131
http://www-1.ibm.com/support/docview.wss?uid=swg21222132
http://www-1.ibm.com/support/docview.wss?uid=swg21222133