VID |
25056 |
Severity |
30 |
Port |
523 |
Protocol |
TCP |
Class |
DB2 |
Detailed Description |
According to its version, the IBM DB2 UDB server is affected by multiple denial of service vulnerabilities via the ACCSEC command. IBM DB2 Universal Database (UDB) versions prior to 8.1 FixPak 13 are vulnerable. By sending a specially crafted ACCSEC command during the CONNECT/ATTACH process, a remote authenticated attacker could cause the database to crash.
* References:
  * http://www-1.ibm.com/support/docview.wss?uid=swg24013114
  * ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT
  * http://www.appsecinc.com/resources/alerts/db2/2006-09-05.shtml
  * http://www.securityfocus.com/archive/1/archive/1/445298/100/0/threaded
  * http://www.securityfocus.com/archive/1/454307/30/0/threaded
  * http://www.frsirt.com/english/advisories/2006/3328
  * http://secunia.com/advisories/21550
* Platforms Affected:
  * IBM DB2 Universal Database 8.x
  * Microsoft Windows Any version
  * Sun Microsystems, Inc., Solaris SPARC and x86
  * Hewlett-Packard Company, HP-UX 11i
  * Linux Any version
  * IBM AIX 4.0 and 5L |
Recommendation |
Apply the latest IBM DB2 Universal Database Fix Pack (8.1 FixPak 13 or 8.2 FixPak 6 or later), available from the IBM Support & downloads Web site at http://www-1.ibm.com/support/docview.wss?uid=swg24013114 |
Related URL |
CVE-2006-4257 (CVE) |
Related URL |
19586 (SecurityFocus) |
Related URL |
28614 (ISS) |
|