Dennis' Domino Blog

Potential Security Exposure: IBM WebSphere Commerce using Tivoli Directory Server

Permalink 04/21/11 08:20, by Dennis van Remortel, Categories: Administration, IBM, Websphere
All info can be found here

Flash (Alert)

Abstract

There is a potential security exposure in Tivoli Directory Server (TDS) that could affect WebSphere Commerce users.

A malicious LDAP request might cause a buffer overrun in the server, potentially allowing a remote attacker to execute arbitrary code within Tivoli Directory Server's server process. Authentication is not required to exploit this vulnerability. The vulnerability could affect WebSphere Commerce V6.0 or V7.0 environments using TDS V5.x and V6.x for LDAP.

Content

WebSphere Commerce environments using Tivoli Directory Server V5.x or V6.x for LDAP might be vulnerable.

The following versions are at risk:

WebSphere Commerce V6.0, which supports the use of TDS V5.1, V5.2, V6.0, and V6.1.

WebSphere Commerce V7.0, which supports the use of TDS V6.0, V6.1, and V6.2.

For full details on the problem and the available solutions, see the following Tivoli Directory Server document:

Security Vulnerability - CVE-2011-1206 - TDS Remote Code Execution

©2012 by Dennis van Remortel

Contact | b2evo skin by Asevo | evoCore | vps hosting | François