Vulnerabilities > CVE-2008-2943 - Resource Management Errors vulnerability in IBM Tivoli Directory Server
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 through 6.1.0.15 allows remote authenticated administrators to cause a denial of service (ABEND) and possibly execute arbitrary code by using ldapadd to attempt to create a duplicate ibm-globalAdminGroup LDAP database entry. NOTE: the vendor states "There is no real risk of a vulnerability," although there are likely scenarios in which a user is allowed to make administrative LDAP requests but does not have the privileges to stop the server.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
| description | IBM Tivoli Directory Server 6.1.x Adding 'ibm-globalAdminGroup' Entry Denial of Service Vulnerability. CVE-2008-2943. Dos exploits for multiple platform |
| id | EDB-ID:31999 |
| last seen | 2016-02-03 |
| modified | 2008-06-30 |
| published | 2008-06-30 |
| reporter | anonymous |
| source | https://www.exploit-db.com/download/31999/ |
| title | IBM Tivoli Directory Server 6.1.x Adding 'ibm-globalAdminGroup' Entry Denial of Service Vulnerability |