A security flaw has been identified in IBM Tivoli Directory Server that can be exploited to disclose sensitive information.
Package:
IBM Tivoli Directory Server 6.x
Operating systems:
HP-UX 11.x, IBM AIX 5.x, IBM AIX 6.x, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, Sun Solaris 9, Sun Solaris 10, SUSE Linux Enterprise Server (SLES) 10
Problem:
error in a software component
Exploitation:
local
Impact:
disclosure of sensitive information
Solution:
vendor patch
Original advisory ID:
SA45107
Source:
Secunia
Problem:
The problem is caused by the "Web Administration" tool not restricting access to certain log files. The vulnerability occurs in version 6.2.0.3.
Impact:
The flaw allows an attacker to disclose sensitive information.
Solution:
Users are advised to install the security patch (6.2.0.3-TIV-ITDS-IF0004).
IBM Tivoli Directory Server Log File Information Disclosure Security Issue
Secunia Advisory SA45107
Release Date 2011-07-01
Criticality level Less critical
Impact Exposure of sensitive information
Where From local network
Solution Status Vendor Patch
Software:
IBM Tivoli Directory Server 6.x
CVE Reference(s) No CVE references.
Description
A security issue has been reported in IBM Tivoli Directory Server, which can be exploited by malicious people to disclose potentially sensitive information.
The security issue is caused due to the Web Administration Tool not restricting access to certain log files.
The security issue is reported in version 6.2.0.3.
Solution
Apply interim fix 6.2.0.3-TIV-ITDS-IF0004.
Provided and/or discovered by
Reported by the vendor.
Original Advisory
IBM (IO14060):
http://www.ibm.com/support/docview.wss?uid=swg24030320