OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
[Dailydave] IBM Tivoli Directory Server 0day

From: Evgeny Legerov (admingleg.net)
Date: Sat Feb 11 2006 - 06:39:49 CST


Hi,

Results of quick (5 minutes or so ;-)) run of ProtoVer Sample LDAP (http://www.gleg.net/protover_ldap_sample.shtml)
against IBM Tivoli Directory Server v6.0 on Linux:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1628271696 (LWP 28990)]
0xa094cbbc in memcpy () from /lib/libc.so.6
(gdb) bt
#0 0xa094cbbc in memcpy () from /lib/libc.so.6
#1 0xa0d000a6 in fber_get_string_len () from /opt/ibm/ldap/V6.0/lib/libibmldap.so
#2 0x080598a2 in parse_bind_request ()
#3 0x08058c9e in do_bind ()
#4 0x080614e7 in ConnMgr::connection_operation ()
#5 0x080a6bef in Worker::Run ()
#6 0x08093dba in Thr::_doRun ()
#7 0xa0affb80 in start_thread () from /lib/libpthread.so.0
#8 0xa09abdee in clone () from /lib/libc.so.6
(gdb) x/1i $eip
0xa094cbbc <memcpy+28>: repz movsl %ds:(%esi),%es:(%edi)
(gdb) i r
eax 0x4 4
ecx 0x3ffbca04 1073465860
edx 0x82db810 137213968
ebx 0x81e10e0 136188128
esp 0x9ef280fc 0x9ef280fc
ebp 0x9ef28128 0x9ef28128
esi 0x82bc41d 137085981
edi 0x83e8fff 138317823
...

To reproduce use the following command:
./run.py localhost 389 2532 1

Regards,
Evgeny Legerov
www.gleg.net