TITLE:
IBM Tivoli Directory Server Unspecified Security Bypass Vulnerability

SECUNIA ADVISORY ID:
SA17484

VERIFY ADVISORY:
http://secunia.com/advisories/17484/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass

WHERE:
From local network

SOFTWARE:
IBM Tivoli Identity Manager 4.x
http://secunia.com/product/6076/
IBM Tivoli Federated Identity Manager 6.x
http://secunia.com/product/6080/
IBM Tivoli Access Manager for Business Integration 5.x
http://secunia.com/product/3541/
IBM Tivoli Access Manager for e-business 5.x
http://secunia.com/product/3529/
IBM Tivoli Access Manager for Operating Systems 5.x
http://secunia.com/product/6077/
IBM Tivoli Directory Integrator 5.x
http://secunia.com/product/6078/
IBM Tivoli Directory Integrator 6.x
http://secunia.com/product/6079/
IBM Tivoli Directory Server 5.x
http://secunia.com/product/3540/
IBM Tivoli Directory Server 6.x
http://secunia.com/product/6075/

DESCRIPTION:
A vulnerability has been reported in IBM Tivoli Directory Server
(ITDS), which can be exploited by malicious people to bypass certain
security restrictions.

The vulnerability is caused due to an unspecified error and can be
exploited to change, modify and/or delete directory data stored in
the IBM Tivoli Directory Server.

The vulnerability has been reported in version 5.2.0 and 6.0.0.

ITDS is included with the following products:
* Tivoli Identity Manager version 4.6 (ITDS version 6.0.0).
* Tivoli Access Manager for Business Integration (AMBI) version 5.1
  (ITDS version 5.2.0).
* Tivoli Access Manager for e-business (TAM) version 5.1 (ITDS
  version 5.2.0).
* Tivoli Access Manager for Operating Systems (TAMOS) version 5.1
  (ITDS version 5.2.0).
* Tivoli Directory Integrator (ITDI) version 5.2 and version 6.0
  (ITDS version 5.2.0).
* Tivoli Federated Identity Manager version 6.0 (ITDS version 5.2.0).

SOLUTION:
Apply patches.

ITDS Version 5.2.0:
Apply APAR IO02697.

ITDS Version 5.2.0.3-TIV-ITDS-IF0001 or earlier (This will update
ITDS to fixpack 3):
Apply cumulative interim fix 1.
http://www-1.ibm.com/support/docview.wss?uid=swg24010820

ITDS Version 5.2.0.3-TIV-ITDS-IF0007:
Apply cumulative interim fix 7.
http://www-1.ibm.com/support/docview.wss?uid=swg24010821

ITDS Version 5.2.0.3-TIV-ITDS-LA0011:
Contact IBM Tivoli Support organization.

ITDS Version 6.0.0:
Apply APAR IO02714.

ITDS Version 6.0.0.1-TIV-ITDS-IF0001:
Apply cumulative interim fix 1.
http://www-1.ibm.com/support/docview.wss?uid=swg24010819

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
http://www-1.ibm.com/support/docview.wss?uid=swg21222172
http://www-1.ibm.com/support/docview.wss?uid=swg21222159
http://www-1.ibm.com/support/docview.wss?uid=swg21221665
http://www-1.ibm.com/support/docview.wss?uid=swg21222123
http://www-1.ibm.com/support/docview.wss?uid=swg21222124
http://www-1.ibm.com/support/docview.wss?uid=swg21222125
http://www-1.ibm.com/support/docview.wss?uid=swg21222126
http://www-1.ibm.com/support/docview.wss?uid=swg21222127
http://www-1.ibm.com/support/docview.wss?uid=swg21222128
http://www-1.ibm.com/support/docview.wss?uid=swg21222129
http://www-1.ibm.com/support/docview.wss?uid=swg21222130
http://www-1.ibm.com/support/docview.wss?uid=swg21222131
http://www-1.ibm.com/support/docview.wss?uid=swg21222132
http://www-1.ibm.com/support/docview.wss?uid=swg21222133