CVE-2009-5072

Description

Memory leak in the ldap_explode_dn function in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.61 (aka 6.0.0.8-TIV-ITDS-IF0003) allows remote authenticated users to cause a denial of service (memory consumption) via an empty string argument.

Affected products

• ibm / tivoli_directory_server6.0 – 6.0
• ibm / tivoli_directory_server6.0.0.0 – 6.0.0.0
• ibm / tivoli_directory_server6.0.0.1 – 6.0.0.1
• ibm / tivoli_directory_server6.0.0.7 – 6.0.0.7
• ibm / tivoli_directory_server6.0.0.8 – 6.0.0.8
• ibm / tivoli_directory_server6.0.0.14 – 6.0.0.14
• ibm / tivoli_directory_server6.0.0.19 – 6.0.0.19
• ibm / tivoli_directory_server6.0.0.33 – 6.0.0.33
• ibm / tivoli_directory_server6.0.0.41 – 6.0.0.41
• ibm / tivoli_directory_server6.0.0.45 – 6.0.0.45
• ibm / tivoli_directory_server6.0.0.52 – 6.0.0.52
• ibm / tivoli_directory_server6.0.0.53 – 6.0.0.53
• ibm / tivoli_directory_server6.0.0.54 – 6.0.0.54
• ibm / tivoli_directory_server6.0.0.55 – 6.0.0.55
• ibm / tivoli_directory_server6.0.0.56 – 6.0.0.56
• ibm / tivoli_directory_server6.0.0.57 – 6.0.0.57
• ibm / tivoli_directory_server6.0.0.58 – 6.0.0.58
• ibm / tivoli_directory_server6.0.0.59 – 6.0.0.59
• ibm / tivoli_directory_server6.0.0.60 – 6.0.0.60

References

• MISChttp://www.ibm.com/support/docview.wss?uid=swg1IO11407
• MISChttp://www.ibm.com/support/docview.wss?uid=swg24029672