PT-2011-1282 · Ibm · Ibm Tivoli Directory Server+1

Publicado

2011-04-21

·

Atualizado

2011-04-21

·

CVE-2008-7289

CVSS v2.0

4.0

Média

VetorAV:N/AC:L/Au:S/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions IBM Tivoli Directory Server (TDS) versions prior to 5.2.0.5-TIV-ITDS-LA0007
Description The issue arises from improper handling of simultaneous password changes, which can lead to a denial of service due to a DB2 daemon deadlock. This occurs when password changes trigger updates to a DB2 password-history table.
Recommendations For versions prior to 5.2.0.5-TIV-ITDS-LA0007, update to version 5.2.0.5-TIV-ITDS-LA0007 or later to resolve the issue. As a temporary workaround, consider restricting simultaneous password changes to minimize the risk of triggering the DB2 daemon deadlock.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2008-7289

Produtos afetados

Db2
Ibm Tivoli Directory Server