CVE-2024-45650
📋 TL;DR
IBM Security Verify Directory versions 10.0 through 10.0.3 are vulnerable to denial of service when processing LDAP extended operations. Attackers can send specially crafted LDAP requests to crash the service, disrupting directory authentication and access. Organizations running affected versions of IBM Security Verify Directory are impacted.
💻 Affected Systems
- IBM Security Verify Directory
⚠️ Risk & Real-World Impact
Worst Case
Complete service outage of IBM Security Verify Directory, disrupting all LDAP-dependent authentication, authorization, and directory services across the organization.
Likely Case
Service crashes requiring manual restart, causing temporary authentication failures for users and applications relying on the directory.
If Mitigated
Minimal impact if network segmentation and rate limiting keep exploitation attempts from reaching the vulnerable service.
🎯 Exploit Status
Exploitation requires sending specially crafted LDAP extended operations. No authentication is required to trigger the vulnerability, but attackers need network access to LDAP ports.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 10.0.4 or later
Vendor Advisory: https://www.ibm.com/support/pages/node/7182169
Restart Required: No
Instructions:
1. Download IBM Security Verify Directory version 10.0.4 or later from IBM Fix Central.
2. Follow IBM's upgrade documentation for your deployment type (standalone, clustered, etc.).
3. Apply the update to all affected instances.
4. Verify service functionality post-upgrade.
🔧 Temporary Workarounds
Network Access Control
Restrict access to LDAP ports (typically 389 for LDAP and 636 for LDAPS) to trusted networks and systems only, using firewall rules.
Rate Limiting
Implement network-level rate limiting on LDAP traffic to slow down rapid exploitation attempts.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate IBM Security Verify Directory from untrusted networks.
- Deploy intrusion detection/prevention systems to monitor for anomalous LDAP traffic patterns.
🔍 How to Verify
Check if Vulnerable:
Check the installed version of IBM Security Verify Directory. If it's between 10.0 and 10.0.3 inclusive, the system is vulnerable.
Check Version:
Refer to IBM documentation for the version-check procedure specific to your deployment; the version is typically shown in the administrative interface or recorded in configuration files.
Verify Fix Applied:
Confirm the version is 10.0.4 or later and test LDAP extended operations functionality to ensure service stability.
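The range check above is easy to get wrong when versions are compared as strings ("10.0.10" sorts before "10.0.3" lexically). The following is an added example, not IBM's tooling: it parses the version string your deployment reports, pads missing components so "10.0" compares as 10.0.0, and compares numerically against the affected range (10.0 through 10.0.3) and the fixed version (10.0.4) stated in this advisory. The input string formats are assumptions; adapt the regular expression to whatever your administrative interface or configuration file actually emits.

```python
import re

# Affected range and fixed version as stated in this advisory for CVE-2024-45650.
AFFECTED_MIN = (10, 0, 0)
AFFECTED_MAX = (10, 0, 3)
FIXED_MIN = (10, 0, 4)


def parse_version(text):
    """Extract a dotted numeric version from a string such as '10.0.3' or
    'IBM Security Verify Directory 10.0.2' (formats assumed for this example).

    Returns a 3-tuple of ints; missing components are padded with 0 so that
    '10.0' is treated as 10.0.0, the bottom of the affected range.
    """
    match = re.search(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not match:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(p) if p is not None else 0 for p in match.groups())


def is_vulnerable(version_text):
    """True when the installed version falls inside 10.0 .. 10.0.3 inclusive."""
    version = parse_version(version_text)
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def is_fixed(version_text):
    """True when the installed version is 10.0.4 or later."""
    return parse_version(version_text) >= FIXED_MIN


if __name__ == "__main__":
    for sample in ("10.0", "10.0.3", "10.0.4", "10.0.10",
                   "IBM Security Verify Directory 10.0.2"):
        print(f"{sample!r:45} vulnerable={is_vulnerable(sample)} fixed={is_fixed(sample)}")
```

Tuple comparison is what makes "10.0.10" correctly rank above "10.0.3"; a plain string comparison would report a patched 10.0.10 instance as vulnerable.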
📡 Detection & Monitoring
Log Indicators:
- Multiple LDAP extended operation requests followed by service crash/restart logs
- Error logs indicating LDAP processing failures
Network Indicators:
- Unusual volume of LDAP extended operation requests
- LDAP traffic patterns inconsistent with normal usage
SIEM Query:
source="ibm_verify_directory" AND (event_type="crash" OR event_type="error") AND message="*LDAP*extended*operation*"
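To show how the log indicators above turn into detection logic, here is an added example that is not part of this advisory and not IBM's code. It runs over constructed log lines in an invented format (IBM Security Verify Directory's real log layout is not reproduced here), flags any source that issued a burst of extended operation requests in the window before a crash or restart event, and separately implements the SIEM query's message filter with a shell-style wildcard match. The line format, the `EXTENDED` keyword, the `src=` field and the thresholds are all assumptions to be mapped onto your own log schema.

```python
import re
from datetime import datetime, timedelta
from fnmatch import fnmatchcase

# Constructed sample log; the format is invented for this example and is not
# IBM Security Verify Directory's real log format. Addresses are documentation ranges.
SAMPLE_LOG = """\
2024-09-01T10:00:01Z INFO  conn=41 op=0 BIND dn="uid=app,ou=svc,dc=example,dc=com" src=192.0.2.10
2024-09-01T10:00:02Z INFO  conn=42 op=1 EXTENDED src=198.51.100.7
2024-09-01T10:00:02Z INFO  conn=43 op=1 EXTENDED src=198.51.100.7
2024-09-01T10:00:03Z INFO  conn=44 op=1 EXTENDED src=198.51.100.7
2024-09-01T10:00:03Z INFO  conn=45 op=1 EXTENDED src=203.0.113.5
2024-09-01T10:00:03Z INFO  conn=46 op=1 EXTENDED src=198.51.100.7
2024-09-01T10:00:04Z INFO  conn=47 op=1 EXTENDED src=198.51.100.7
2024-09-01T10:00:04Z INFO  conn=48 op=1 EXTENDED src=198.51.100.7
2024-09-01T10:00:05Z ERROR LDAP extended operation processing failed conn=48
2024-09-01T10:00:06Z FATAL server crash, restarting"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<level>\w+)\s+(?P<msg>.*)$")
EXT_RE = re.compile(r"\bEXTENDED\b.*\bsrc=(?P<src>\S+)")      # assumed field names
CRASH_RE = re.compile(r"crash|restart", re.IGNORECASE)
SIEM_MESSAGE_GLOB = "*LDAP*extended*operation*"                # from the SIEM query above
SIEM_LEVELS = {"ERROR", "FATAL"}                               # stand-in for event_type crash/error


def parse(lines):
    """Turn raw lines into (timestamp, level, message) tuples, skipping junk."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.rstrip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["level"], m["msg"]))
    return events


def matches_siem_query(level, message):
    """Approximates the advisory's SIEM query for one event (case-sensitive glob)."""
    return level in SIEM_LEVELS and fnmatchcase(message, SIEM_MESSAGE_GLOB)


def siem_hits(lines):
    """Count events that the SIEM query would return."""
    return sum(1 for _, level, msg in parse(lines) if matches_siem_query(level, msg))


def find_ext_op_bursts_before_crash(lines, window_seconds=60, threshold=5):
    """Correlate the log indicator 'many extended ops followed by a crash'.

    For every crash/restart event, count EXTENDED requests per source address in the
    preceding window; any source at or above the threshold produces one alert.
    """
    events = parse(lines)
    alerts = []
    for ts, level, msg in events:
        if level not in SIEM_LEVELS or not CRASH_RE.search(msg):
            continue
        window_start = ts - timedelta(seconds=window_seconds)
        per_source = {}
        for t2, _, m2 in events:
            if window_start <= t2 <= ts:
                ext = EXT_RE.search(m2)
                if ext:
                    per_source[ext["src"]] = per_source.get(ext["src"], 0) + 1
        for src, count in sorted(per_source.items()):
            if count >= threshold:
                alerts.append({"crash_at": ts.isoformat(), "src": src, "extended_ops": count})
    return alerts


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("SIEM query hits:", siem_hits(lines))
    for alert in find_ext_op_bursts_before_crash(lines):
        print("ALERT", alert)
```

On the constructed sample the burst detector raises one alert (six extended operations from 198.51.100.7 before the 10:00:06 crash; the single request from 203.0.113.5 stays below threshold), and the SIEM filter matches only the ERROR line whose message mentions an LDAP extended operation. Tune `window_seconds` and `threshold` against your directory's normal extended-operation rate before deploying the rule, or it will fire on legitimate bursts.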