{"hash": "7992e84e5562e953718fc01f17c9f5b11ea3387b28f145a64cbeba20b3b589c0", "id": "EDB-ID:31999", "lastseen": "2016-02-03T15:57:24", "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "bulletinFamily": "exploit", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "edition": 1, "history": [], "type": "exploitdb", "sourceHref": "https://www.exploit-db.com/download/31999/", "description": "IBM Tivoli Directory Server 6.1.x Adding 'ibm-globalAdminGroup' Entry Denial of Service Vulnerability. CVE-2008-2943. Dos exploits for multiple platform", "title": "IBM Tivoli Directory Server 6.1.x Adding 'ibm-globalAdminGroup' Entry Denial of Service Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/30010/info\r\n\r\nIBM Tivoli Directory Server is prone to a denial-of-service vulnerability because the server contains a double-free error.\r\n\r\nAn attacker can exploit this issue to crash the affected server with a SIGSEGV fault, denying service to legitimate users.\r\n\r\nTivoli Directory Server 6.1.0.0 - 6.1.0.15 are affected. \r\n\r\nThe following 'ldapadd' entry is sufficient to trigger the issue:\r\n\r\ndn: globalGroupName=GlobalAdminGroup,cn=ibmpolicies\r\nglobalGroupName: GlobalAdminGroup\r\nobjectclass: top\r\nobjectclass: ibm-globalAdminGroup ", "objectVersion": "1.0", "cvelist": ["CVE-2008-2943"], "published": "2008-06-30T00:00:00", "osvdbidlist": ["46577"], "references": [], "reporter": "anonymous", "modified": "2008-06-30T00:00:00", "href": "https://www.exploit-db.com/exploits/31999/"}

{"cve": [{"lastseen": "2017-08-08T11:24:45", "references": ["http://www.securityfocus.com/bid/30010", "http://www-1.ibm.com/support/docview.wss?uid=swg1IO09113", "http://www.vupen.com/english/advisories/2008/1970", "https://exchange.xforce.ibmcloud.com/vulnerabilities/43465"], "description": "Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 through 6.1.0.15 allows remote authenticated administrators to cause a denial of service (ABEND) and possibly execute arbitrary code by using ldapadd to attempt to create a duplicate ibm-globalAdminGroup LDAP database entry. NOTE: the vendor states \"There is no real risk of a vulnerability,\" although there are likely scenarios in which a user is allowed to make administrative LDAP requests but does not have the privileges to stop the server.", "edition": 2, "reporter": "NVD", "published": "2008-06-30T17:41:00", "title": "CVE-2008-2943", "type": "cve", "enchantments": {"score": {"modified": "2017-08-08T11:24:45", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2008-2943"], "scanner": [], "modified": "2017-08-07T21:31:27", "cpe": ["cpe:/a:ibm:tivoli_directory_server:6.1.0.2", "cpe:/a:ibm:tivoli_directory_server:6.1.0.4", "cpe:/a:ibm:tivoli_directory_server:6.1.0.5", "cpe:/a:ibm:tivoli_directory_server:6.1.0.13", "cpe:/a:ibm:tivoli_directory_server:6.1.0.9", "cpe:/a:ibm:tivoli_directory_server:6.1.0.11", "cpe:/a:ibm:tivoli_directory_server:6.1.0.10", "cpe:/a:ibm:tivoli_directory_server:6.1.0.6", "cpe:/a:ibm:tivoli_directory_server:6.1.0.15", "cpe:/a:ibm:tivoli_directory_server:6.1.0.7", "cpe:/a:ibm:tivoli_directory_server:6.1.0.1", "cpe:/a:ibm:tivoli_directory_server:6.1.0.3", "cpe:/a:ibm:tivoli_directory_server:6.1.0.8", "cpe:/a:ibm:tivoli_directory_server:6.1.0.12", "cpe:/a:ibm:tivoli_directory_server:6.1.0.0", "cpe:/a:ibm:tivoli_directory_server:6.1.0.14"], "id": "CVE-2008-2943", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2943", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}