IBM Tivoli Directory Server DIGEST-MD5 Denial Of Service Vulnerability Network Vulnerability

Summary

The host is running IBM Tivoli Directory Server and is prone to denial of service vulnerability.

Impact

Successful exploitation will allow attacker to crash an affected server, creating a denial of service condition. Impact Level: Application

Solution

Apply cumulative interim fix 6.0.0.8-TIV-ITDS-IF0006 http://www-01.ibm.com/support/docview.wss?uid=swg24027463

Insight

The flaw is caused by improper handling of 'DIGEST-MD5' authentication requests. By sending a specially-crafted request, a remote attacker could exploit this vulnerability using multiple incomplete connections to cause the service to terminate.

Affected

IBM Tivoli Directory Server (ITDS) before 6.0.0.8-TIV-ITDS-IF0006

References

http://osvdb.org/66782
http://secunia.com/advisories/40791
http://xforce.iss.net/xforce/xfdb/60821
https://www-304.ibm.com/support/docview.wss?uid=swg1IO12399

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2927

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apple Safari Denial of Service Vulnerability (Win) - Apr09
Cogent DataHub Integer Overflow Vulnerability
Apple iTunes Multiple Vulnerabilities
EtherApe RPC Packet Processing Denial of Service Vulnerability
DNS Amplification Attacks

IBM Tivoli Directory Server DIGEST-MD5 Denial of Service Vulnerability

Take action and discover your vulnerabilities