IBM DB2 Chaining Functionality DRDA Module DoS Vulnerability Network Vulnerability

Summary

The host is running IBM DB2 and is prone to denial of service vulnerability.

Impact

Successful exploitation allows remote users to cause denial of service. Impact Level: Application

Solution

Upgrade to IBM DB2 version 9.7 FP6, 9.8 FP5 or later, For updates refer to http://www-01.ibm.com/support/docview.wss?uid=swg27007053

Insight

The flaw is caused due an error within chaining functionality in the Distributed Relational Database Architecture (DRDA) module, which can be exploited to cause a crash by sending a specially crafted DRDA request.

Affected

IBM DB2 version 9.7 before FP6 IBM DB2 version 9.8 before FP5

References

http://osvdb.org/show/osvdb/82756
http://secunia.com/advisories/49437/
http://www-01.ibm.com/support/docview.wss?uid=swg1IC82234
http://www-304.ibm.com/support/docview.wss?uid=swg21597090
http://xforce.iss.net/xforce/xfdb/75418

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-2180
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Oracle MySQL Server Component 'Optimizer' Unspecified vulnerability Oct-2013 (Windows)
Oracle Database 'XML DB component' Unspecified vulnerability
PostgreSQL 'RESET ALL' Unauthorized Access Vulnerability
MySQL Multiple Vulnerabilities
IBM DB2 DML Statement Execution Remote Privilege Escalation Vulnerability (Linux)

Take action and discover your vulnerabilities