VID |
25057 |
Severity |
30 |
Port |
523 |
Protocol |
TCP |
Class |
DB2 |
Detailed Description |
Based on its reported version, the IBM DB2 UDB server is affected by a denial of service vulnerability triggered via the SQLJRA packet. IBM DB2 Universal Database (UDB) versions prior to 8.1 FixPak 14 are vulnerable to a denial of service caused by a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL. By sending a specially-crafted SQLJRA packet, a remote attacker could cause the database to crash.
* References:
  * http://www-1.ibm.com/support/docview.wss?uid=swg24014043
  * http://www-1.ibm.com/support/docview.wss?uid=swg1IY91847
  * http://www-1.ibm.com/support/docview.wss?uid=swg1IY86917
  * http://www.appsecinc.com/resources/alerts/db2/2006-11-30.shtml
  * http://secunia.com/advisories/23397
* Platforms Affected:
  * IBM DB2 Universal Database 8.x
  * Microsoft Windows Any version
  * Sun Microsystems, Inc., Solaris SPARC and x86
  * Hewlett-Packard Company, HP-UX 11i
  * Linux Any version
  * IBM AIX 4.0 and 5L |
Recommendation |
Apply the latest IBM DB2 Universal Database Fix Pack (8.1 FixPak 14 or 8.2 FixPak 7 or later), available from the IBM Support & downloads Web site at http://www-1.ibm.com/support/docview.wss?uid=swg24014043 |
Related URL |
CVE-2006-6638 (CVE) |
Related URL |
21646 (SecurityFocus) |
Related URL |
(ISS) |
|