IBM Support

IO11840: eSIP IBM20100125-1140: LDAP do_extendedOp DoS vulnerability

Direct links to fixes

6.2.0.41-ISS-ITDS-AIX-IF0041
6.2.0.41-ISS-ITDS-HPUXIA64-IF0041
6.2.0.41-ISS-ITDS-Linux32-IF0041
6.2.0.41-ISS-ITDS-Linuxip-IF0041
6.2.0.41-ISS-ITDS-LinuxX64-IF0041
6.2.0.41-ISS-ITDS-Linuxz-IF0041
6.2.0.41-ISS-ITDS-SolarisSparc-IF0041
6.2.0.41-ISS-ITDS-SolarisX64-IF0041
6.2.0.41-ISS-ITDS-Win32-IF0041
6.2.0.41-ISS-ITDS-WinX64-IF0041
6.2.0.42-ISS-ITDS-AIX-IF0042
6.2.0.42-ISS-ITDS-HPUXIA64-IF0042
6.2.0.42-ISS-ITDS-Linux32-IF0042
6.2.0.42-ISS-ITDS-Linuxip-IF0042
6.2.0.42-ISS-ITDS-LinuxX64-IF0042
6.2.0.42-ISS-ITDS-Linuxz-IF0042
6.2.0.42-ISS-ITDS-SolarisSparc-IF0042
6.2.0.42-ISS-ITDS-SolarisX64-IF0042
6.2.0.42-ISS-ITDS-Win32-IF0042
6.2.0.42-ISS-ITDS-WinX64-IF0042
6.2.0.43-ISS-ITDS-WinX64-IF0043
6.2.0.43-ISS-ITDS-AIX-IF0043
6.2.0.43-ISS-ITDS-HPUXIA64-IF0043
6.2.0.43-ISS-ITDS-Linux32-IF0043
6.2.0.43-ISS-ITDS-Linuxip-IF0043
6.2.0.43-ISS-ITDS-LinuxX64-IF0043
6.2.0.43-ISS-ITDS-Linuxz-IF0043
6.2.0.43-ISS-ITDS-SolarisSparc-IF0043
6.2.0.43-ISS-ITDS-SolarisX64-IF0043
6.2.0.43-ISS-ITDS-Win32-IF0043
6.2.0.44-ISS-ITDS-AIX-IF0044
6.2.0.44-ISS-ITDS-HPUXIA64-IF0044
6.2.0.44-ISS-ITDS-Linux32-IF0044
6.2.0.44-ISS-ITDS-Linuxip-IF0044
6.2.0.44-ISS-ITDS-LinuxX64-IF0044
6.2.0.44-ISS-ITDS-Linuxz-IF0044
6.2.0.44-ISS-ITDS-SolarisSparc-IF0044
6.2.0.44-ISS-ITDS-SolarisX64-IF0044
6.2.0.44-ISS-ITDS-Win32-IF0044
6.2.0.44-ISS-ITDS-WinX64-IF0044
6.2.0.45-ISS-ITDS-AIX-IF0045
6.2.0.45-ISS-ITDS-HPUXIA64-IF0045
6.2.0.45-ISS-ITDS-Linux32-IF0045
6.2.0.45-ISS-ITDS-Linuxip-IF0045
6.2.0.45-ISS-ITDS-LinuxX64-IF0045
6.2.0.45-ISS-ITDS-Linuxz-IF0045
6.2.0.45-ISS-ITDS-SolarisSparc-IF0045
6.2.0.45-ISS-ITDS-SolarisX64-IF0045
6.2.0.45-ISS-ITDS-Win32-IF0045
6.2.0.45-ISS-ITDS-WinX64-IF0045
6.2.0.46-ISS-ITDS-AIX-IF0046
6.2.0.46-ISS-ITDS-HPUXIA64-IF0046
6.2.0.46-ISS-ITDS-Linux32-IF0046
6.2.0.46-ISS-ITDS-Linuxip-IF0046
6.2.0.46-ISS-ITDS-LinuxX64-IF0046
6.2.0.46-ISS-ITDS-Linuxz-IF0046
6.2.0.46-ISS-ITDS-SolarisSparc-IF0046
6.2.0.46-ISS-ITDS-SolarisX64-IF0046
6.2.0.46-ISS-ITDS-Win32-IF0046
6.2.0.46-ISS-ITDS-WinX64-IF0046
6.2.0.47-ISS-ITDS-AIX-IF0047
6.2.0.47-ISS-ITDS-HPUXIA64-IF0047
6.2.0.47-ISS-ITDS-Linux32-IF0047
6.2.0.47-ISS-ITDS-Linuxip-IF0047
6.2.0.47-ISS-ITDS-LinuxX64-IF0047
6.2.0.47-ISS-ITDS-SolarisSparc-IF0047
6.2.0.47-ISS-ITDS-SolarisX64-IF0047
6.2.0.47-ISS-ITDS-Win32-IF0047
6.2.0.47-ISS-ITDS-WinX64-IF0047
6.2.0.47-ISS-ITDS-Linuxz-IF0047
6.2.0.49-ISS-ITDS-AIX-IF0049
6.2.0.49-ISS-ITDS-HPUXIA64-IF0049
6.2.0.49-ISS-ITDS-Linux32-IF0049
6.2.0.49-ISS-ITDS-Linuxip-IF0049
6.2.0.49-ISS-ITDS-LinuxX64-IF0049
6.2.0.49-ISS-ITDS-Linuxz-IF0049
6.2.0.49-ISS-ITDS-SolarisSparc-IF0049
6.2.0.49-ISS-ITDS-SolarisX64-IF0049
6.2.0.49-ISS-ITDS-Win32-IF0049
6.2.0.49-ISS-ITDS-WinX64-IF0049
6.2.0.50-ISS-ITDS-AIX-IF0050
6.2.0.50-ISS-ITDS-HPUXIA64-IF0050
6.2.0.50-ISS-ITDS-Linux32-IF0050
6.2.0.50-ISS-ITDS-Linuxip-IF0050
6.2.0.50-ISS-ITDS-LinuxX64-IF0050
6.2.0.50-ISS-ITDS-Linuxz-IF0050
6.2.0.50-ISS-ITDS-SolarisSparc-IF0050
6.2.0.50-ISS-ITDS-SolarisX64-IF0050
6.2.0.50-ISS-ITDS-Win32-IF0050
6.2.0.50-ISS-ITDS-WinX64-IF0050
6.2.0.51-ISS-ITDS-AIX-IF0051
6.2.0.51-ISS-ITDS-HPUXIA64-IF0051
6.2.0.51-ISS-ITDS-Linux32-IF0051
6.2.0.51-ISS-ITDS-Linuxip-IF0051
6.2.0.51-ISS-ITDS-LinuxX64-IF0051
6.2.0.51-ISS-ITDS-Linuxz-IF0051
6.2.0.51-ISS-ITDS-SolarisSparc-IF0051
6.2.0.51-ISS-ITDS-SolarisX64-IF0051
6.2.0.51-ISS-ITDS-Win32-IF0051
6.2.0.51-ISS-ITDS-WinX64-IF0051
6.2.0.52-ISS-ITDS-AIX-IF0052
6.2.0.52-ISS-ITDS-HPUXIA64-IF0052
6.2.0.52-ISS-ITDS-Linux32-IF0052
6.2.0.52-ISS-ITDS-Linuxip-IF0052
6.2.0.52-ISS-ITDS-LinuxX64-IF0052
6.2.0.52-ISS-ITDS-Linuxz-IF0052
6.2.0.52-ISS-ITDS-SolarisSparc-IF0052
6.2.0.52-ISS-ITDS-SolarisX64-IF0052
6.2.0.52-ISS-ITDS-Win32-IF0052
6.2.0.52-ISS-ITDS-WinX64-IF0052
6.2.0.53-ISS-ITDS-Linuxip-IF0053
6.2.0.53-ISS-ITDS-AIX-IF0053
6.2.0.53-ISS-ITDS-HPUXIA64-IF0053
6.2.0.53-ISS-ITDS-Linux32-IF0053
6.2.0.53-ISS-ITDS-LinuxX64-IF0053
6.2.0.53-ISS-ITDS-Linuxz-IF0053
6.2.0.53-ISS-ITDS-SolarisSparc-IF0053
6.2.0.53-ISS-ITDS-SolarisX64-IF0053
6.2.0.53-ISS-ITDS-Win32-IF0053
6.2.0.53-ISS-ITDS-WinX64-IF0053
6.2.0.54-ISS-ITDS-AIX-IF0054
6.2.0.54-ISS-ITDS-HPUXIA64-IF0054
6.2.0.54-ISS-ITDS-Linux32-IF0054
6.2.0.54-ISS-ITDS-Linuxip-IF0054
6.2.0.54-ISS-ITDS-LinuxX64-IF0054
6.2.0.54-ISS-ITDS-Linuxz-IF0054
6.2.0.54-ISS-ITDS-SolarisSparc-IF0054
6.2.0.54-ISS-ITDS-SolarisX64-IF0054
6.2.0.54-ISS-ITDS-Win32-IF0054
6.2.0.54-ISS-ITDS-WinX64-IF0054
6.2.0.55-ISS-ITDS-AIX-IF0055
6.2.0.55-ISS-ITDS-HPUXIA64-IF0055
6.2.0.55-ISS-ITDS-Linux32-IF0055
6.2.0.55-ISS-ITDS-Linuxip-IF0055
6.2.0.55-ISS-ITDS-LinuxX64-IF0055
6.2.0.55-ISS-ITDS-Linuxz-IF0055
6.2.0.55-ISS-ITDS-SolarisSparc-IF0055
6.2.0.55-ISS-ITDS-SolarisX64-IF0055
6.2.0.55-ISS-ITDS-Win32-IF0055
6.2.0.55-ISS-ITDS-WinX64-IF0055
6.2.0.56-ISS-ITDS-AIX-IF0056
6.2.0.56-ISS-ITDS-HPUXIA64-IF0056
6.2.0.56-ISS-ITDS-Linux32-IF0056
6.2.0.56-ISS-ITDS-Linuxip-IF0056
6.2.0.56-ISS-ITDS-LinuxX64-IF0056
6.2.0.56-ISS-ITDS-Linuxz-IF0056
6.2.0.56-ISS-ITDS-SolarisSparc-IF0056
6.2.0.56-ISS-ITDS-SolarisX64-IF0056
6.2.0.56-ISS-ITDS-Win32-IF0056
6.2.0.56-ISS-ITDS-WinX64-IF0056


APAR status

  • Closed as program error.

Error description

  • ibmslapd may abend during an extended operation.
    
    ibmslapd.log shows the following error message just before the abend:
    
    6.0:
    GLPSRV005E The LDAP server was unable to decode input data
    from the client while processing operation: extended operation.
    
    6.1/6.2:
    GLPSRV005E Server was unable to decode input data from the
    client (connection ID: 2, IP address: 127.0.0.1, Port: 7559)
    while processing operation: extended operation.
    
    This problem is observed with Tivoli Directory Server on these
    platforms: Linux, Solaris and Windows.
    
    This problem is NOT observed on these platforms: AIX and HP-UX.
    

Local fix

  • No known workaround.
    

Problem summary

  • When parsing a malformed LDAP extended operation, the server
    correctly detects and rejects the invalid request, but while
    processing the error, it attempts to compare the NULL operation
    OID with specific constants. This results in a SIGSEGV on
    Linux, Solaris and Windows platforms. AIX and HP-UX allow the
    comparison and respond correctly with LDAP_PROTOCOL_ERROR.
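
The error path described above, as an added C example (not IBM's source code): the struct, the function names and the choice of the StartTLS OID as the compared constant are assumptions for illustration. It places the unguarded comparison beside a guarded one that returns LDAP_PROTOCOL_ERROR regardless of platform.

```c
#include <stdio.h>
#include <string.h>

#define LDAP_SUCCESS        0x00
#define LDAP_PROTOCOL_ERROR 0x02
/* StartTLS OID (RFC 4511), standing in for the unnamed "specific constants". */
#define OID_START_TLS "1.3.6.1.4.1.1466.20037"

/* Hypothetical request record; oid stays NULL when decoding fails. */
struct ext_request {
    const char *oid;
    int rc;
};

/* Stand-in decoder: a request without a requestName is rejected. */
struct ext_request decode_extended(const char *request_name) {
    struct ext_request r = { request_name,
        request_name ? LDAP_SUCCESS : LDAP_PROTOCOL_ERROR };
    return r;
}

/* Before: the completion path compares the OID even after a decode failure.
 * strcmp() on NULL is undefined behaviour, which is why one platform crashes
 * while another still answers with LDAP_PROTOCOL_ERROR. */
int finish_unsafe(const struct ext_request *r, int *is_start_tls) {
    *is_start_tls = (strcmp(r->oid, OID_START_TLS) == 0);
    return r->rc;
}

/* After: a NULL OID matches no known operation; the decode error is returned. */
int finish_safe(const struct ext_request *r, int *is_start_tls) {
    *is_start_tls = (r->oid != NULL && strcmp(r->oid, OID_START_TLS) == 0);
    return r->rc;
}

int main(void) {
    int tls = -1, rc;
    struct ext_request bad = decode_extended(NULL);   /* constructed input */
    struct ext_request ok  = decode_extended(OID_START_TLS);
    rc = finish_safe(&bad, &tls);
    printf("malformed: rc=0x%02x start_tls=%d\n", rc, tls);
    rc = finish_safe(&ok, &tls);
    printf("StartTLS:  rc=0x%02x start_tls=%d\n", rc, tls);
    return 0;
}
```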
    

Problem conclusion

  • The fix for this APAR will be contained in the following
    maintenance packages:
    | fix pack | 6.2.0-TIV-ITDS-FP0002 |
    

Temporary fix

Comments

APAR Information

  • APAR number

    IO11840

  • Reported component name

    IBM TIV DIR SER

  • Reported component ID

    5724J3960

  • Reported release

    620

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2010-01-26

  • Closed date

    2010-01-28

  • Last modified date

    2010-01-28

  • APAR is sysrouted FROM one or more of the following:

    IO11814

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    IBM TIV DIR SER

  • Fixed component ID

    5724J3960

Applicable component levels


Document Information

Modified date:
15 February 2024