IO13306: Bad BER request could potentially crash Tivoli Directory Server

Direct links to fixes

6.0.0.78-ISS-ITDS-SolarisSparc-IF0078
6.0.0.78-ISS-ITDS-Linuxz31-IF0078
6.0.0.78-ISS-ITDS-Linux32-IF0078
6.0.0.78-ISS-ITDS-HPUXPARISC-IF0078
6.0.0.78-ISS-ITDS-HPUXIA64-IF0078
6.0.0.78-ISS-ITDS-AIX-IF0078
6.0.0.78-ISS-ITDS-Win32-IF0078
6.0.0.77-ISS-ITDS-Win32-IF0077
6.0.0.77-ISS-ITDS-SolarisX64-IF0077
6.0.0.77-ISS-ITDS-SolarisSparc-IF0077
6.0.0.77-ISS-ITDS-Linuxz31-IF0077
6.0.0.77-ISS-ITDS-Linuxip32-IF0077
6.0.0.77-ISS-ITDS-Linux32-IF0077
6.0.0.77-ISS-ITDS-HPUXPARISC-IF0077
6.0.0.77-ISS-ITDS-HPUXIA64-IF0077
6.0.0.77-ISS-ITDS-AIX-IF0077
6.0.0.76-ISS-ITDS-Win32-IF0076
6.0.0.76-ISS-ITDS-SolarisX64-IF0076
6.0.0.76-ISS-ITDS-SolarisSparc-IF0076
6.0.0.76-ISS-ITDS-Linuxz31-IF0076
6.0.0.76-ISS-ITDS-Linuxip32-IF0076
6.0.0.76-ISS-ITDS-Linux32-IF0076
6.0.0.76-ISS-ITDS-HPUXPARISC-IF0076
6.0.0.76-ISS-ITDS-HPUXIA64-IF0076
6.0.0.76-ISS-ITDS-AIX-IF0076
6.0.0.75-ISS-ITDS-Win32-IF0075
6.0.0.75-ISS-ITDS-SolarisX64-IF0075
6.0.0.75-ISS-ITDS-SolarisSparc-IF0075
6.0.0.75-ISS-ITDS-Linuxz31-IF0075
6.0.0.75-ISS-ITDS-Linuxip32-IF0075
6.0.0.75-ISS-ITDS-Linux32-IF0075
6.0.0.75-ISS-ITDS-HPUXPARISC-IF0075
6.0.0.75-ISS-ITDS-HPUXIA64-IF0075
6.0.0.75-ISS-ITDS-AIX-IF0075
6.0.0.74-ISS-ITDS-Win32-IF0074
6.0.0.74-ISS-ITDS-SolarisX64-IF0074
6.0.0.74-ISS-ITDS-SolarisSparc-IF0074
6.0.0.74-ISS-ITDS-Linuxz31-IF0074
6.0.0.74-ISS-ITDS-Linuxip32-IF0074
6.0.0.74-ISS-ITDS-Linux32-IF0074
6.0.0.74-ISS-ITDS-HPUXPARISC-IF0074
6.0.0.74-ISS-ITDS-HPUXIA64-IF0074
6.0.0.74-ISS-ITDS-AIX-IF0074
6.0.0.73-ISS-ITDS-Win32-IF0073
6.0.0.73-ISS-ITDS-SolarisX64-IF0073
6.0.0.73-ISS-ITDS-SolarisSparc-IF0073
6.0.0.73-ISS-ITDS-Linuxz31-IF0073
6.0.0.73-ISS-ITDS-Linuxip32-IF0073
6.0.0.73-ISS-ITDS-Linux32-IF0073
6.0.0.73-ISS-ITDS-HPUXPARISC-IF0073
6.0.0.73-ISS-ITDS-HPUXIA64-IF0073
6.0.0.73-ISS-ITDS-AIX-IF0073
Tivoli Directory Server, Version 6.0.0.72-ISS-ITDS-IF0072

APAR status

  • Closed as program error.

Error description

  • A remote attacker could craft an invalid LDAP request which in
    rare circumstances could crash (SIGSEGV) the Tivoli Directory
    Server. Such an attack could not result in unauthorized access
    or destruction of data, but would cause a denial of service
    (DoS).
    
    Only 32-bit servers are likely to be affected. The chances of a
    successful attack against a 64-bit server are extremely low.
    

Local fix

  • No workaround exists. Restricting unauthorized access to the
    server using SSL-only with client-authentication, firewalls or
    other security practices will substantially reduce the risk of a
    potential attack.
    

Problem summary

  • The server validates that incoming LDAP requests do not include
    invalid buffer references. But an error was discovered in one
    such validation which could cause it to fail if the buffer being
    checked was close to the top of the address space. This is
    nearly impossible in a 64-bit address space and even on a 32-bit
    server is unlikely and beyond the control of a potential
    exploiter.
    
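The summary above describes a buffer-reference check that stops working when the buffer sits near the top of a 32-bit address space. The following is an added illustration of that class of defect, not ITDS source code: addresses are modelled as `uint32_t` so the arithmetic behaves like a 32-bit server on any host, and the buffer addresses and lengths are constructed values.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed illustration, not ITDS source: addresses are modelled as
 * uint32_t so the arithmetic behaves like a 32-bit server regardless of host. */

/* Fragile check: confirms an element of `len` bytes at `elem` lies inside
 * [base, base+size) by comparing end addresses. When `elem` is near the top
 * of the 32-bit address space, elem + len wraps to a small value and the
 * check wrongly passes, so a later read runs off the buffer (SIGSEGV). */
bool ber_len_ok_fragile(uint32_t elem, uint32_t len, uint32_t base, uint32_t size)
{
    uint32_t end = base + size;      /* one past the buffer; set by the allocator */
    return elem >= base && (uint32_t)(elem + len) <= end;
}

/* Robust check: compare lengths, never the sum of an address and a
 * length taken from the wire. */
bool ber_len_ok_safe(uint32_t elem, uint32_t len, uint32_t base, uint32_t size)
{
    if (elem < base) return false;
    uint32_t offset = elem - base;   /* cannot wrap: elem >= base */
    if (offset > size) return false; /* element starts past the buffer */
    return len <= size - offset;     /* bytes remaining in the buffer */
}

/* Constructed scenario: 2 KiB receive buffer mapped just below 4 GiB, a BER
 * element starting 4 bytes in, and a claimed element length of 0x7FFFFFFF. */
#define BUF_BASE  0xFFFFF000u
#define BUF_SIZE  0x800u
#define ELEM_ADDR (BUF_BASE + 4u)
#define BOGUS_LEN 0x7FFFFFFFu

int main(void)
{
    printf("fragile check accepts bogus length: %s\n",
           ber_len_ok_fragile(ELEM_ADDR, BOGUS_LEN, BUF_BASE, BUF_SIZE) ? "yes" : "no");
    printf("safe check accepts bogus length:    %s\n",
           ber_len_ok_safe(ELEM_ADDR, BOGUS_LEN, BUF_BASE, BUF_SIZE) ? "yes" : "no");
    return 0;
}
```

With the same buffer mapped at a low address (for example `0x10000000`) the fragile check rejects the bogus length correctly, which is why the placement of the buffer, not the request, decides whether the defect triggers.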

Problem conclusion

  • The fix for this APAR is contained in the following maintenance
    packages:
    | interim fix | 6.0.0.8-TIV-ITDS-IF0007 |
    

APAR Information

  • APAR number

    IO13306

  • Reported component name

    IBM TIV DIR SER

  • Reported component ID

    5724J3960

  • Reported release

    600

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2010-10-29

  • Closed date

    2010-10-29

  • Last modified date

    2010-10-29

  • APAR is sysrouted FROM one or more of the following:

    IO13277

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    IBM TIV DIR SER

  • Fixed component ID

    5724J3960

Applicable component levels

  • R600 PSY

    UP



Document information

More support for: IBM Security Directory Server
General

Software version: 600

Reference #: IO13306

Modified date: 29 October 2010