copyright
|
disclaimer
|
privacy
|
contact
HOME
About
AusCERT
Membership
Contact Us
PKI Services
Training
Publications
Sec. Bulletins
Conferences
News & Media
Services
Web Log
Site Map
Site Help
Member login
Login »
Become a member »
Home
»
Security Bul...
»
Security Bul...
»
AusCERT Exte...
» ESB-2012.0378 - [Win][RedHat][HP-UX][Solaris][AIX][S...
ESB-2012.0378 - [Win][RedHat][HP-UX][Solaris][AIX][SUSE] IBM Tivoli Directory Server: Multiple vulnerabilities
Date:
17 April 2012
Click here for printable version
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2012.0378 A number of vulnerabilities have been identified in IBM Tivoli Directory Server 17 April 2012 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: IBM Tivoli Directory Server Publisher: IBM Operating System: Windows AIX Red Hat SUSE Solaris HP-UX Impact/Access: Denial of Service -- Remote/Unauthenticated Cross-site Scripting -- Remote with User Interaction Reduced Security -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2012-0743 CVE-2012-0740 CVE-2012-0726 Original Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21591257 http://www-01.ibm.com/support/docview.wss?uid=swg21591267 http://www-01.ibm.com/support/docview.wss?uid=swg21591272 Comment: This bulletin contains three (3) IBM security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- Security Bulletin: IBM Tivoli Directory Server Cross-Site scripting vulnerability with the Web Admin Tool (CVE-2012-0740) Flash (Alert) Abstract IBM Tivoli Directory Server is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Web Admin Tool. Content VULNERABILITY DETAILS: CVE ID: CVE-2012-0740 DESCRIPTION: IBM Tivoli Directory Server (TDS) is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Web Admin Tool. A remote attacker could exploit this vulnerability to execute script in the user's Web browser. An attacker could use this vulnerability to steal the user's cookie-based authentication credentials. CVSS Base Score: 4.3 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/74610 for the current score CVSS Environmental Score*: Undefined CVSS String: (AV:N/AC:M/Au:N/C:N/I:P/A:N) AFFECTED PLATFORMS: Version 6.3 and earlier REMEDIATION: Vendor Fix(es): Affected Version APAR Fix 6.2 IO14508 6.2.0.22-ISS-ITDS-IF0022 6.3 IO16016 6.3.0.11-ISS-ITDS-IF0011 For TDS versions not listed here contact IBM Technical Support If assistance is required to determine the version, release of TDS installed, see the following url for information https://www-304.ibm.com/support/docview.wss?rs=767&uid=swg21267300 Workaround(s): No workaround Mitigation(s): No mitigation REFERENCES: Complete CVSS Guide On-line Calculator V2 X-Force Database CVE-2012-0740 RELATED INFORMATION: IBM Product Security Incident Response Program IBM Tivoli Directory Server Support Created/Revised by Date of Creation/Update Summary of Changes brookh 2012/04/16 created Historical Number XX04391 Product Alias/Synonym LDAP TDS ITDS IDS Copyright and trademark information IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml. - ------------------------------------------------------------------------------ Security Bulletin: IBM Tivoli Directory Server paged search may cause denial of service may crash if paged searches are enabled (CVE-2012-0743) Flash (Alert) Abstract A custom LDAP client can be created which would cause IBM Tivoli Directory Server to crash by sending a malformed paged search request. This can cause a denial of service. Content VULNERABILITY DETAILS: CVE ID: CVE-2012-0743 DESCRIPTION: A custom LDAP client can be created which would cause IBM Tivoli Directory Server to crash by sending a malformed paged search request. It is not believed that this vulnerability could be exploited to execute arbitrary code, gain unauthorized access or corrupt data, but it can cause denial of service. CVSS Base Score: 5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/74663 for the current score CVSS Environmental Score*: Undefined CVSS String: (AV:N/AC:L/Au:N/C:N/I:N/A:P) AFFECTED PLATFORMS: Version 6.3 and earlier REMEDIATION: Vendor Fix(es): Affected Version APAR Fix 6.1 IO15707 6.1.0.47-ISS-ITDS-IF0047 6.2 IO16001 6.2.0.22-ISS-ITDS-IF0022 6.3 IO16002 6.3.0.11-ISS-ITDS-IF0011 For TDS versions not listed here contact IBM Technical Support If assistance is required to determine the version, release of TDS installed, see the following url for information https://www-304.ibm.com/support/docview.wss?rs=767&uid=swg21267300 Workaround(s): Paged searches can be disabled by configuring ibm-slapdPagedResLmt = 0. Paged searches can be restricted to administrators only by configuring ibm-slapdPagedResAllowNonAdmin = FALSE. Mitigation(s): All searches (including paged searches) can be restricted to authenticated users only by configuring ibm-slapdAllowAnon = FALSE. This would prevent anonymous users from being able to connect to the server, but authenticated users could still potentially crash the server if paged searches are enabled. REFERENCES: Complete CVSS Guide On-line Calculator V2 X-Force Database CVE-2012-0743 RELATED INFORMATION: IBM Product Security Incident Response Program IBM Tivoli Directory Server Support Created/Revised by Date of Creation/Update Summary of Changes brookh 2012/04/16 created Historical Number XX04418 Product Alias/Synonym LDAP TDS ITDS IDS Copyright and trademark information IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml. - ------------------------------------------------------------------------------ Security Bulletin: IBM Tivoli Directory Server use of NULL ciphers in default Transport Layer Security configuration would result in unencrypted communications (CVE-2012-0726) Flash (Alert) Abstract IBM Tivoli Directory Server (TDS) enables NULL-MD5 and NULL-SHA ciphers in the default Transport Layer Security (TLS) configuration. Use of either of these ciphers would result in unencrypted communications. Content VULNERABILITY DETAILS: CVE ID: CVE-2012-0726 DESCRIPTION: In the default TDS environment with TLS enabled, the NULL-MD5 and NULL-SHA ciphers are enabled by default. If a client failed to negotiate a stronger cipher for the TLS session, it could default to using a either a NULL-MD5 and NULL-SHA cipher. This would result in unencrypted would leave communications effectively unencrypted. CVSS Base Score: 5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/74303 for the current score CVSS Environmental Score*: Undefined CVSS String: (AV:N/AC:L/Au:N/C:N/I:N/A:P) AFFECTED PLATFORMS: Version 6.3 and earlier REMEDIATION: Vendor Fix(es): Affected Version APAR Fix 6.1 IO16035 6.1.0.47-ISS-ITDS-IF0047 6.2 IO16036 6.2.0.22-ISS-ITDS-IF0022 6.3 IO15761 6.3.0.11-ISS-ITDS-IF0011 For TDS versions not listed here contact IBM Technical Support If assistance is required to determine the version, release of TDS installed, see the following url for information https://www-304.ibm.com/support/docview.wss?rs=767&uid=swg21267300 Workaround(s): Enable Federal Information Processing Standards (FIPS) mode in ibmslapd ssl configuration to turn disable NULL ciphers. 1) Put the following text into cfgFIPS.ldif dn: cn=SSL, cn=Configuration changeType: modify replace: ibm-slapdSslFIPSModeEnabled ibm-slapdSslFIPSModeEnabled: true - replace: ibm-slapdSslFIPSProcessingMode ibm-slapdSslFIPSProcessingMode: true 2) ldapmodify -p <port> -D cn=root -w <pwd> -i cfgFIPS.ldif Then restart both ibmdiradm and ibmslapd processes. Mitigation(s): No mitigation REFERENCES: Complete CVSS Guide On-line Calculator V2 X-Force Database CVE-2012-0726 RELATED INFORMATION: IBM Product Security Incident Response Program IBM Tivoli Directory Server Support Created/Revised by Date of Creation/Update Summary of Changes brookh 2012/04/16 created Historical Number XX04433 Product Alias/Synonym LDAP TDS ITDS IDS Copyright and trademark information IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml. - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBT4zMme4yVqjM2NGpAQLByw/9GQvfb+2jVKp5rHQmLlQMiv9Ha96WStuZ tx0H2SbAtboWutIDGiOODvArBWJRPi7HswaRmp+xaUDsY1+59JSzAXEZyit/hza6 DnUgb3DlF1vrOsXH47HmwfbDjTgFztw5lj2GzA567sCl/+eeqkJAgpTJOPyezt0N +g3PI49rmP+4uf7O03K+O9pT3LAl7KjtxZnVh2oMILKTlPMSNv7mOkKaqr15ve/h BPxJ+oDOgs8w6fmkgkV+kqBtNxT3VG571nqhJhoMP4WdsuwRk5UVOvbMyeV47Eej rLScHapiB6dhgci+AJsjMdbcy5VOsMPVhGzbTDL6dBNOyEOmH3aNfYrapF3t+82e wTAhVqyhJhr6kna7UXubbtreOPlfG8TG9LMcZFa7WHprmHQv1ZADi7maO7ctfYnq KTbqKhHXv0K66v7MiOrOC7/gtjsLCjaSx+gyoHm3qdQneVXCWF2o9J05eqqD5s// kYoUrTPG32Ntsocnv9PZFRe59WaiV1QqU6YLuEI7+wXnIQyqY7KuD/cmeSRCySay kNE9bNkUEsV3mHNNEyC1ygpd1QmqHTpNY7JkCDZRSp7Pwvkwu3GgN8SZ4O5eOepT d3QeCum07WCPXcQkNfkuwF5Bg4U6EfqXdlixNwAHHYXq1I7gJ98z/2OBTwUPpvCM o2TG5MkfsjU= =O+qN -----END PGP SIGNATURE-----
Comments? Click here
http://www.auscert.org.au/render.html?cid=1980&it=15728