IBM Global Services

IO13282: proxy server crash cleaning up paged search on backend

Proxy server crashes several seconds after a completed paged search, cleaning up the paged search structure on one of the
backend servers.

Potential issue with security inheritance on folders after migrating a FileNet Content Manager system from 3.x to 4.x

Potential authorization vulnerability in P8 when security inheritance was disabled on one or more folders and an upgrade from 3.x to 4.x was performed.

ToolTalk rpc.ttdbserver Database Parser Vulnerability

Successful exploitation of this issue could allow the attacker to execute arbitrary code on an affected system.

Security Vulnerabilities and HIPER APARs fixed in DB2 for Linux, UNIX, and Windows Version 9.7 Fix Pack 2

Fix Pack 2 for DB2 V9.7 is now available which includes fixes for some security vulnerabilities and HIPER APARs.

PowerHA Cluster Management port vulnerability

A remote user may may make arbitrary changes to the AIX configuration.

AIX libtt.a rpc.ttdbserver remote buffer overflow vulnerability

A remote attacker may execute arbitrary code as root.

AIX rmsock log append file vulnerability

A local attacker may append data to any file on the system.

AIX at information disclosure vulnerability

A local attacker may exploit this error to read any file on the system because the command is setuid root.

Security and HIPER APARs fixed in DB2 for Linux, UNIX, and Windows Version 9.1 Fix Pack 6a

IZ25577: SENDMAIL VULNERABILITY (CVE-2006-4434)

Security vulnerability in sendmail CVE-2006-4434.

AIX swcons file ownership/permission vulnerability

An local attacker in the system group may create files owned by root with arbitrary contents.

AIX iostat environment variable error

IBM SECURITY ADVISORY: AIX iostat environment variable error

AIX errpt buffer overflow

IBM SECURITY ADVISORY: AIX errpt buffer overflow

AIX unix kernel buffer overflow

IBM SECURITY ADVISORY: AIX unix kernel buffer overflow

AIX anonymous ftpd information leak

IBM SECURITY ADVISORY: AIX anonymous ftpd information leak

Potential stack overflow vulnerability with IBM Lotus Sametime Community Services multiplexer (MUX)

TippingPoint's Zero Day Initiative contacted IBM® Lotus® to report a potential stack overflow vulnerability with the IBM Lotus Sametime® Community Services multiplexer (MUX).

PK65782; 2.0.47.1: IBM HTTP Server V2.0.47 Cumulative Interim Fix

This Interim Fix corrects multiple problems which were resolved after the previous Interim Fix, PK53584, including security-related issues CVE-2007-5000, CVE-2007-6203, and CVE-2007-6388.

AIX OpenSSH multiple vulnerabilities

IBM SECURITY ADVISORY: AIX OpenSSH multiple vulnerabilities

PK65161: A SECURITY VULNERABILITY

A Security Vulnerability in the Java Plug-in May Allow an Untrusted Applet to Elevate Privileges

PK62966: Z/OS IBM HTTP SERVER FOR WEBSPHERE (POWERED BY APACHE) FIX PACK 6.1.0.17

APAR PK62966 fixes the following defects in IBM HTTP Server for WebSphere.

AIX lsmcode environment variable error

A local attacker may execute arbitrary code.

AIX nddstat family environment variable error

A local attacker may execute arbitrary code.

AIX kernel multiple security vulnerabilities

An attacker may execute arbitrary code, cause a denial of service, or access privileged data.

AIX reboot buffer overflow

A local attacker in the shutdown group may execute arbitrary code.

PK55753: User identifier contained within cookie (Security vulnerability 3.2.2)

The ClearQuest application uses session cookies that contain information about the user.

PK55561: Security vulnerability from unsuccessful login attempts (3.2.1)

IBM Rational ClearQuest Web: The error messages produced by unsuccessful login attempts make it possible to perform scripted username enumeration through the login pages within the application.