-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 IBM DB2 Remote DoS during CONNECT processing AppSecInc Team SHATTER Security Advisory: http://www.appsecinc.com/resources/alerts/db2/2006-09-05.shtml Affected versions: All versions of IBM DB2 Database Server Risk level: Medium Credits: This vulnerability was discovered and researched by Vivek Rathod of Application Security Inc. Details: When connecting to a remote DB2 instance, the version 7 client typically sends a SQLJRA packet requesting start of the connection. If this SQLJRA packet is specially crafted, it can cause a DoS attack by crashing the DB2 instance. Altering a few bytes at specific offsets in the packet exposes multiple NULL/invalid pointer dereference bugs in the server code. For example, on Windows, if 0x00 is used at any of these offsets, the sqle_db2ra_as_con_database function (from DB2ENGN.DLL) attempts to access NULL or invalid memory locations, causing an unhandled access violation (0xC0000005). This causes the DB2 instance to crash. Impact: Any remote unauthenticated attacker can crash the DB2 instance. Vendor Status: Vendor was contacted and a patch was released. Fix: To fix the problem apply the fixpak 13 for DB2 version 8.1 (same as 8.2 FP6) http://www-306.ibm.com/software/data/db2/udb/support/downloadv8.html Links: Application Security, Inc advisory: http://www.appsecinc.com/resources/alerts/db2/2006-09-05.shtml IBM APAR: http://www-1.ibm.com/support/entdocview.wss?uid=swg1IY86917 Secunia Advisory: http://secunia.com/advisories/21550/ CVE Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4257 - -- Application Security, Inc. www.appsecinc.com AppSecInc is the leading provider of database security solutions for the enterprise. AppSecInc products proactively secure enterprise applications at more than 300 organizations around the world by discovering, assessing, and protecting the database against rapidly changing security threats. By securing data at its source, we enable organizations to more confidently extend their business with customers, partners and suppliers. Our security experts, combined with our strong support team, deliver up-to-date application safeguards that minimize risk and eliminate its impact on business. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFgFSm9EOAcmTuFN0RAs0uAKDD2JmnlktSvdZg/UdVtBZMcN8aMwCfR7AJ toZoy4X4AWp5t8Ut7vvkj8U= =tvlM -----END PGP SIGNATURE-----
Attachment:
0x64EE14DD.asc
Description: application/pgp-keys