CVE-2010-4789
Description
Use-after-free vulnerability in the proxy-server implementation in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.65 (aka 6.0.0.8-TIV-ITDS-IF0007) and 6.3 before 6.3.0.1 (aka 6.3.0.0-TIV-ITDS-IF0001) allows remote authenticated users to cause a denial of service (daemon crash) via a paged search that is interrupted by an LDAP Unbind operation.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | tivoli_directory_server | 6.0 | |
| ibm | tivoli_directory_server | 6.0.0.0 | |
| ibm | tivoli_directory_server | 6.0.0.1 | |
| ibm | tivoli_directory_server | 6.0.0.7 | |
| ibm | tivoli_directory_server | 6.0.0.8 | |
| ibm | tivoli_directory_server | 6.0.0.14 | |
| ibm | tivoli_directory_server | 6.0.0.19 | |
| ibm | tivoli_directory_server | 6.0.0.33 | |
| ibm | tivoli_directory_server | 6.0.0.41 | |
| ibm | tivoli_directory_server | 6.0.0.45 | |
| ibm | tivoli_directory_server | 6.0.0.52 | |
| ibm | tivoli_directory_server | 6.0.0.53 | |
| ibm | tivoli_directory_server | 6.0.0.54 | |
| ibm | tivoli_directory_server | 6.0.0.55 | |
| ibm | tivoli_directory_server | 6.0.0.56 | |
| ibm | tivoli_directory_server | 6.0.0.57 | |
| ibm | tivoli_directory_server | 6.0.0.58 | |
| ibm | tivoli_directory_server | 6.0.0.59 | |
| ibm | tivoli_directory_server | 6.0.0.60 | |
| ibm | tivoli_directory_server | 6.0.0.61 | |
| ibm | tivoli_directory_server | 6.0.0.62 | |
| ibm | tivoli_directory_server | 6.0.0.63 | |
| ibm | tivoli_directory_server | 6.0.0.64 | |
| ibm | tivoli_directory_server | 6.3.0.0 | |
References
- http://www.ibm.com/support/docview.wss?uid=swg1IO13364
- http://www.ibm.com/support/docview.wss?uid=swg1IO13451
- http://www.ibm.com/support/docview.wss?uid=swg24029659
- http://www.ibm.com/support/docview.wss?uid=swg24029672
- http://www.ibm.com/support/docview.wss?uid=swg1IO13364
- http://www.ibm.com/support/docview.wss?uid=swg1IO13451
- http://www.ibm.com/support/docview.wss?uid=swg24029659
- http://www.ibm.com/support/docview.wss?uid=swg24029672
CWEs
CWE-399
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.