CVE-2010-4217
Description
Use-after-free vulnerability in the proxy server in IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 and 6.1.x before 6.1.0-TIV-ITDS-FP0005 allows remote attackers to cause a denial of service (daemon crash) via an unbind request that occurs during a certain search operation.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | tivoli_directory_server | 6.0.0.0 | |
| ibm | tivoli_directory_server | 6.0.0.1 | |
| ibm | tivoli_directory_server | 6.0.0.7 | |
| ibm | tivoli_directory_server | 6.0.0.8 | |
| ibm | tivoli_directory_server | 6.0.0.14 | |
| ibm | tivoli_directory_server | 6.0.0.19 | |
| ibm | tivoli_directory_server | 6.0.0.33 | |
| ibm | tivoli_directory_server | 6.0.0.41 | |
| ibm | tivoli_directory_server | 6.0.0.45 | |
| ibm | tivoli_directory_server | 6.0.0.52 | |
| ibm | tivoli_directory_server | 6.0.0.53 | |
| ibm | tivoli_directory_server | 6.0.0.54 | |
| ibm | tivoli_directory_server | 6.0.0.55 | |
| ibm | tivoli_directory_server | 6.0.0.56 | |
| ibm | tivoli_directory_server | 6.0.0.57 | |
| ibm | tivoli_directory_server | 6.0.0.58 | |
| ibm | tivoli_directory_server | 6.0.0.59 | |
| ibm | tivoli_directory_server | 6.0.0.60 | |
| ibm | tivoli_directory_server | 6.0.0.61 | |
| ibm | tivoli_directory_server | 6.0.0.62 | |
| ibm | tivoli_directory_server | 6.0.0.63 | |
| ibm | tivoli_directory_server | 6.0.0.64 | |
| ibm | tivoli_directory_server | 6.1.0.0 | |
| ibm | tivoli_directory_server | 6.1.0.5 | |
References
- http://secunia.com/advisories/42083
- http://securitytracker.com/id?1024670
- http://www-01.ibm.com/support/docview.wss?uid=swg1IO13282
- http://www-01.ibm.com/support/docview.wss?uid=swg1IO13364
- http://www.osvdb.org/68964
- http://www.securityfocus.com/bid/44604
- http://www.vupen.com/english/advisories/2010/2861
- http://www.vupen.com/english/advisories/2010/2863
- http://secunia.com/advisories/42083
- http://securitytracker.com/id?1024670
- http://www-01.ibm.com/support/docview.wss?uid=swg1IO13282
- http://www-01.ibm.com/support/docview.wss?uid=swg1IO13364
- http://www.osvdb.org/68964
- http://www.securityfocus.com/bid/44604
- http://www.vupen.com/english/advisories/2010/2861
- http://www.vupen.com/english/advisories/2010/2863
CWEs
CWE-399
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.