IBM Tivoli Directory Server Vulnerabilities (credentialed check)

This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.


Synopsis :

The version of IBM Tivoli Directory Server installed on the remote
host contains multiple security vulnerabilities.

Description :

According to its version, the installation of IBM Tivoli Directory
Server on the remote host is prior to 6.0.0.67, 6.1.0.40, 6.2.0.16, or
6.3.0.3. It is, therefore, affected by one or more of the following
vulnerabilities :

- A malicious LDAP request can cause a buffer overrun in
the server, allowing an unauthenticated, remote attacker
to execute arbitrary code within Tivoli Directory
Server's server process. This vulnerability has only
been recreated on 32 bit platforms. (IO14010, IO14013,
IO14028, IO14046, IO14045)

- A security vulnerability has been identified in Tivoli
Directory server. If the Server is configured to audit
extended operations with 'Attributes sent on group
evaluation extended operation' enabled
(ibm-auditAttributesOnGroupEvalOp=TRUE), the audit
entries for the group eval extended op will include
unmasked values for sensitive data. (IO14023, IO14025,
IO14028, IO14043, IO14044)

See also :

http://www.nessus.org/u?1d3972f7
http://www.zerodayinitiative.com/advisories/ZDI-11-136/
https://www-304.ibm.com/support/docview.wss?uid=swg21496117
https://www-304.ibm.com/support/docview.wss?uid=swg21496086

Solution :

Install the appropriate fix based on the vendor's advisory :

- 6.0.0.8-TIV-ITDS-IF0009
- 6.1.0.5-TIV-ITDS-IF0003
- 6.2.0.3-TIV-ITDS-IF0002
- 6.3.0.0-TIV-ITDS-IF0003

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 53625 ()

Bugtraq ID: 47121

CVE ID: CVE-2011-1206

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now