Vulnerabilities > CVE-2008-2943 - Resource Management Errors vulnerability in IBM Tivoli Directory Server
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 through 6.1.0.15 allows remote authenticated administrators to cause a denial of service (ABEND) and possibly execute arbitrary code by using ldapadd to attempt to create a duplicate ibm-globalAdminGroup LDAP database entry. NOTE: the vendor states "There is no real risk of a vulnerability," although there are likely scenarios in which a user is allowed to make administrative LDAP requests but does not have the privileges to stop the server.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
| description | IBM Tivoli Directory Server 6.1.x Adding 'ibm-globalAdminGroup' Entry Denial of Service Vulnerability. CVE-2008-2943. Dos exploits for multiple platform |
| id | EDB-ID:31999 |
| last seen | 2016-02-03 |
| modified | 2008-06-30 |
| published | 2008-06-30 |
| reporter | anonymous |
| source | https://www.exploit-db.com/download/31999/ |
| title | IBM Tivoli Directory Server 6.1.x Adding 'ibm-globalAdminGroup' Entry Denial of Service Vulnerability |
References
- http://secunia.com/advisories/30786
- http://secunia.com/advisories/30786
- http://www.securityfocus.com/bid/30010
- http://www.securityfocus.com/bid/30010
- http://www.vupen.com/english/advisories/2008/1970
- http://www.vupen.com/english/advisories/2008/1970
- http://www-1.ibm.com/support/docview.wss?uid=swg1IO09113
- http://www-1.ibm.com/support/docview.wss?uid=swg1IO09113
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43465
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43465