IBM Support

IO11814: eSIP IBM20100125-1140: LDAP do_extendedOp DoS vulnerability

Direct links to fixes

6.0.0.78-ISS-ITDS-SolarisSparc-IF0078
6.0.0.78-ISS-ITDS-Linuxz31-IF0078
6.0.0.78-ISS-ITDS-Linux32-IF0078
6.0.0.78-ISS-ITDS-HPUXPARISC-IF0078
6.0.0.78-ISS-ITDS-HPUXIA64-IF0078
6.0.0.78-ISS-ITDS-AIX-IF0078
6.0.0.78-ISS-ITDS-Win32-IF0078
6.0.0.77-ISS-ITDS-Win32-IF0077
6.0.0.77-ISS-ITDS-SolarisX64-IF0077
6.0.0.77-ISS-ITDS-SolarisSparc-IF0077
6.0.0.77-ISS-ITDS-Linuxz31-IF0077
6.0.0.77-ISS-ITDS-Linuxip32-IF0077
6.0.0.77-ISS-ITDS-Linux32-IF0077
6.0.0.77-ISS-ITDS-HPUXPARISC-IF0077
6.0.0.77-ISS-ITDS-HPUXIA64-IF0077
6.0.0.77-ISS-ITDS-AIX-IF0077
6.0.0.76-ISS-ITDS-Win32-IF0076
6.0.0.76-ISS-ITDS-SolarisX64-IF0076
6.0.0.76-ISS-ITDS-SolarisSparc-IF0076
6.0.0.76-ISS-ITDS-Linuxz31-IF0076
6.0.0.76-ISS-ITDS-Linuxip32-IF0076
6.0.0.76-ISS-ITDS-Linux32-IF0076
6.0.0.76-ISS-ITDS-HPUXPARISC-IF0076
6.0.0.76-ISS-ITDS-HPUXIA64-IF0076
6.0.0.76-ISS-ITDS-AIX-IF0076
6.0.0.75-ISS-ITDS-Win32-IF0075
6.0.0.75-ISS-ITDS-SolarisX64-IF0075
6.0.0.75-ISS-ITDS-SolarisSparc-IF0075
6.0.0.75-ISS-ITDS-Linuxz31-IF0075
6.0.0.75-ISS-ITDS-Linuxip32-IF0075
6.0.0.75-ISS-ITDS-Linux32-IF0075
6.0.0.75-ISS-ITDS-HPUXPARISC-IF0075
6.0.0.75-ISS-ITDS-HPUXIA64-IF0075
6.0.0.75-ISS-ITDS-AIX-IF0075
6.0.0.74-ISS-ITDS-Win32-IF0074
6.0.0.74-ISS-ITDS-SolarisX64-IF0074
6.0.0.74-ISS-ITDS-SolarisSparc-IF0074
6.0.0.74-ISS-ITDS-Linuxz31-IF0074
6.0.0.74-ISS-ITDS-Linuxip32-IF0074
6.0.0.74-ISS-ITDS-Linux32-IF0074
6.0.0.74-ISS-ITDS-HPUXPARISC-IF0074
6.0.0.74-ISS-ITDS-HPUXIA64-IF0074
6.0.0.74-ISS-ITDS-AIX-IF0074
6.0.0.73-ISS-ITDS-Win32-IF0073
6.0.0.73-ISS-ITDS-SolarisX64-IF0073
6.0.0.73-ISS-ITDS-SolarisSparc-IF0073
6.0.0.73-ISS-ITDS-Linuxz31-IF0073
6.0.0.73-ISS-ITDS-Linuxip32-IF0073
6.0.0.73-ISS-ITDS-Linux32-IF0073
6.0.0.73-ISS-ITDS-HPUXPARISC-IF0073
6.0.0.73-ISS-ITDS-HPUXIA64-IF0073
6.0.0.73-ISS-ITDS-AIX-IF0073
Tivoli Directory Server, Version 6.0.0.72-ISS-ITDS-IF0072

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • ibmslapd may abend during an extended operation.
    
    ibmslapd.log shows the following error message just before abend
    
    6.0:
    GLPSRV005E The LDAP server was unable to decode input data
    from the client while processing operation: extended operation.
    
    6.1/6.2:
    GLPSRV005E Server was unable to decode input data from the
    client (connection ID: 2, IP address: 127.0.0.1, Port: 7559)
    while processing operation: extended operation.
    
    This problem is observed with Tivoli Directory Server on these
    platforms: Linux, Solaris and Windows.
    
    This problem is NOT observed on these platforms: AIX and HP-UX.
    

Local fix

  • No known work around
    

Problem summary

  • When parsing a malformed ldap extended operation, the server
    correctly detects and rejects the invalid request, but while
    processing the error, it attempts to compare the NULL operation
    OID with specific constants. This resulted in a SIGSEGV on
    Linux, Solaris and Windows platforms. AIX and HP-UX allow this
    and respond correctly with LDAP_PROTOCOL_ERROR.
    

Problem conclusion

  • The fix for this APAR is contained in the following maintenance
    packages:
    | interim fix | 6.0.0.8-TIV-ITDS-IF0004 |
    

Temporary fix

Comments

APAR Information

  • APAR number

    IO11814

  • Reported component name

    IBM TIV DIR SER

  • Reported component ID

    5724J3960

  • Reported release

    600

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2010-01-20

  • Closed date

    2010-01-29

  • Last modified date

    2010-01-29

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    IO11823 IO11840

Fix information

  • Fixed component name

    IBM TIV DIR SER

  • Fixed component ID

    5724J3960

Applicable component levels

  • R600 PSY

       UP

[{"Business Unit":{"code":"BU048","label":"IBM Software"}, "Product":{"code":"SSCVNLD","label":"General"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"600","Edition":""}]

Document Information

Modified date:
29 January 2010