Multiple vulnerabilities in IBM Tivoli Directory
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2018-1388 CVE-2018-1427 CVE-2018-1426 CVE-2016-0702 CVE-2018-1447 |
| CWE-ID | CWE-208 CWE-190 CWE-338 CWE-200 CWE-521 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
IBM Tivoli Directory Server Server applications / Directory software, identity management |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Information disclosure through timing discrepancy
EUVDB-ID: #VU12569
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-1388
CWE-ID:
CWE-208 - Information Exposure Through Timing Discrepancy
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to disclosure of side channel information via discrepancies between valid and invalid PKCS#1 padding. A remote attacker can gain access to potentially sensitive information.
Install update from vendor's website.
Vulnerable software versionsIBM Tivoli Directory Server: 6.2 - 6.3.0.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_tivoli_directory_server:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_tivoli_directory_server:6.3.0.0:*:*:*:*:*:*:*
https://aix.software.ibm.com/aix/efixes/security/itds_advisory2.asc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Integer overflow
EUVDB-ID: #VU12310
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-1427
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local unauthenticated attacker to cause DoS condition on the target system.
The weakness exists due to IBM GSKit contains several environment variables. A local attacker can cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsIBM Tivoli Directory Server: 6.2 - 6.3.0.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_tivoli_directory_server:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_tivoli_directory_server:6.3.0.0:*:*:*:*:*:*:*
https://aix.software.ibm.com/aix/efixes/security/itds_advisory2.asc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use of cryptographically weak PRNG
EUVDB-ID: #VU12311
Risk: Low
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-1426
CWE-ID:
CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information and write arbitrary files on the target system.
The weakness exists due to IBM GSKit duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which can result in duplicate Session IDs and a risk of duplicate key material. A remote attacker can gain access to potentially sensitive information and write arbitrary files.
Install update from vendor's website.
Vulnerable software versionsIBM Tivoli Directory Server: 6.2 - 6.3.0.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_tivoli_directory_server:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_tivoli_directory_server:6.3.0.0:*:*:*:*:*:*:*
https://aix.software.ibm.com/aix/efixes/security/itds_advisory2.asc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU1962
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-0702
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to decrypt data passed via encrypted SSL connection.
The vulnerability exists in the MOD_EXP_CTIME_COPY_FROM_PREBUF() function in crypto/bn/bn_exp.c. The application does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts.
The vulnerability was dubbed "CacheBleed".
Install update from vendor's website.
Vulnerable software versionsIBM Tivoli Directory Server: 6.2 - 6.3.0.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_tivoli_directory_server:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_tivoli_directory_server:6.3.0.0:*:*:*:*:*:*:*
https://aix.software.ibm.com/aix/efixes/security/itds_advisory2.asc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Weak passwords requirements
EUVDB-ID: #VU12308
Risk: Low
CVSSv4.0: 2.1 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-1447
CWE-ID:
CWE-521 - Weak Password Requirements
Exploit availability: No
DescriptionThe vulnerability allows a local unauthenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists due to the GSKit CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. A local attacker can gain access to potentially sensitive information.
Install update from vendor's website.
Vulnerable software versionsIBM Tivoli Directory Server: 6.2 - 6.3.0.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_tivoli_directory_server:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_tivoli_directory_server:6.3.0.0:*:*:*:*:*:*:*
https://aix.software.ibm.com/aix/efixes/security/itds_advisory2.asc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
