Technote (troubleshooting)
Problem(Abstract)
There is a potential security exposure in Tivoli Directory Server (TDS) that could affect WebSphere Commerce users.
A malicious LDAP request might cause a buffer overrun in the server, potentially allowing a remote attacker to execute arbitrary code within Tivoli Directory Server's server process. Authentication is
not required to exploit this vulnerability. The vulnerability could affect WebSphere Commerce V6.0 or V7.0 environments using TDS V5.x and V6.x for LDAP.
Resolving the problem
WebSphere Commerce environments using Tivoli Directory Server V5.x or V6.x for LDAP might be vulnerable.
The following versions are at risk:
WebSphere Commerce V6.0 which supports the use of TDS V5.1, V5.2, V6.0, and V6.1.
WebSphere Commerce V7.0 which supports the use of TDS V6.0, V6.1, and V6.2.
For full details on the problem and the available solutions, see the following Tivoli Directory Server document:
Security Vulnerability - CVE-2011-1206 - TDS Remote Code Execution
Related information
Security Vulnerability - CVE-2011-1206
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.