Fixes are available
IBM Tivoli Directory Server, Version 6.1.0-TIV-ITDS-FP0006 (126.96.36.199)
Tivoli Directory Server, Version 188.8.131.52-ISS-ITDS-IF0048
Tivoli Directory Server, Version 184.108.40.206-ISS-ITDS-IF0049
Tivoli Directory Server, Version 220.127.116.11-ISS-ITDS-IF0054
Tivoli Directory Server, Version 18.104.22.168-ISS-ITDS-IF0055
Tivoli Directory Server, Version 22.214.171.124-ISS-ITDS-IF0056
Tivoli Directory Server, Version 126.96.36.199-ISS-ITDS-IF0057
Tivoli Directory Server, Version 188.8.131.52-ISS-ITDS-IF0058
Closed as program error.
Using TDS server version 184.108.40.206 - 220.127.116.11, ldapadd the following entry using administrator bind: dn: globalGroupName=GlobalAdminGroup,cn=ibmpolicies globalGroupName: GlobalAdminGroup objectclass: top objectclass: ibm-globalAdminGroup A double free crashes server w/ SIGSEGV on most platforms.
There is no real risk of a vulnerability because: a) Only an administrator is allowed to modify this entry. A non-admin bind cannot crash the server this way. b) An administrator would never need to do add this entry because it is always created by the server automatically at startup. Indeed, the error is partly caused because we're adding an entry which already exists. So the work around is simply "don't do this", no one would ever need to anyway.
2 different pointer references to the same allocated memory were being freed. The fix is to NULL both pointer references whenever either one is freed so that we know not to free them both.
The fix for this APAR will be contained in the following maintenance packages: | fix pack | 6.1.0-TIV-ITDS-FP0002 |
Reported component name
IBM TIV DIR SER
Reported component ID
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
IBM TIV DIR SER
Fixed component ID
Applicable component levels