[VIM] Multiple IBM Tivoli documents leading to same issue

Steven M. Christey coley at mitre.org
Wed Nov 30 19:01:05 EST 2005


FYI, iDEFENSE noticed some possible CVE dupes regarding IBM Tivoli
Directory Server.  These dupes arose from different IBM documents, one
with a very vague description, and the other with a more detailed
description, and neither seeming to refer to the other.

I did some digging and they lead to the same APARs.

Maybe this will help save other people some analytical effort and/or
prevent their own dupes.  See the references in CVE-2005-3567 below.

- Steve


======================================================
Name: CVE-2005-3567
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3567
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?rs=767&context=SSVJJU&dc=D400&uid=swg24010819&loc=en_US&cs=UTF-8&lang=en
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg21222159
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVAIX53SECUR081510_247
Reference: AIXAPAR:IO02697
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IO02697&apar=only
Reference: AIXAPAR:IO02714
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IO02714&apar=only
Reference: CERT-VN:VU#194753
Reference: URL:http://www.kb.cert.org/vuls/id/194753
Reference: FRSIRT:ADV-2005-2356
Reference: URL:http://www.frsirt.com/english/advisories/2005/2356
Reference: SECTRACK:1015171
Reference: URL:http://securitytracker.com/id?1015171
Reference: SECUNIA:17484
Reference: URL:http://secunia.com/advisories/17484

slapd daemon in IBM Tivoli Directory Server (ITDS) 5.2.0 and 6.0.0
binds using SASL EXTERNAL, which allows attackers to bypass
authentication and modify and delete directory data via unknown attack
vectors.


======================================================
Name: CVE-2005-3898
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3898

** REJECT **

DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2005-3567.  Reason:
This candidate is a reservation duplicate of CVE-2005-3567.  Notes:
All CVE users should reference CVE-2005-3567 instead of this
candidate.  All references and descriptions in this candidate have
been removed to prevent accidental usage.




More information about the VIM mailing list