Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21580
HistoryApr 03, 2009 - 12:00 a.m.

IBM DB2

2009-04-0300:00:00
vulners.com
23
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi.

IBM DB2 Version 9.5 Fix Pack 3a came out, fixing also two DoS
vulnerabilities I found.
http://www-01.ibm.com/support/docview.wss?uid=swg21372517IBM DB2

  1. "IZ37697: SECURITY: MALICIOUS CONNECT DATA STREAM CAN CAUSE DENIAL OF
    SERVICE."
    First is pre-auth DoS vulnerability. Here is exploit: it require
    "DB2TEST" database present on target database, because its name is
    hardcoded into packet.

  2. IZ39653: SECURITY: MALICOUS DATA STREAM CAN CAUSE THE DB2 SERVER TO TRAP.
    The second DoS vulnerability, it is require also "DB2TEST" database
    present on target database and require "GUEST" account present with "QQ"
    password. All this stuff is hardcoded too.

My PGP public key: http://yurichev.com/dennis.yurichev.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAknVF3cACgkQ1YPmFmJG++NxKQCgqweJzyOE82D29bxEsrgAl+a/
W94AoNFOYzX1tRzQOtiJuyWKe/okgtdi
=PQoe
-----END PGP SIGNATURE-----

JSON