Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
[VulnWatch] IBM DB2 Remote DoS during CONNECT processing
From: Team SHATTER (shatterappsecinc.com)
Date: Wed Dec 13 2006 - 13:29:42 CST
-----BEGIN PGP SIGNED MESSAGE-----
IBM DB2 Remote DoS during CONNECT processing
AppSecInc Team SHATTER Security Advisory:
Affected versions: All versions of IBM DB2 Database Server
Risk level: Medium
Credits: This vulnerability was discovered and researched by Vivek
Rathod of Application Security Inc.
When connecting to a remote DB2 instance, the version 7 client typically
sends a SQLJRA packet requesting start of the connection. If this SQLJRA
packet is specially crafted, it can cause a DoS attack by crashing the
DB2 instance. Altering a few bytes at specific offsets in the packet
exposes multiple NULL/invalid pointer dereference bugs in the server code.
For example, on Windows, if 0x00 is used at any of these offsets, the
sqle_db2ra_as_con_database function (from DB2ENGN.DLL) attempts to
access NULL or invalid memory locations, causing an unhandled access
violation (0xC0000005). This causes the DB2 instance to crash.
Any remote unauthenticated attacker can crash the DB2 instance.
Vendor was contacted and a patch was released.
To fix the problem apply the fixpak 13 for DB2 version 8.1 (same as 8.2 FP6)
Application Security, Inc advisory:
IBM APAR: http://www-1.ibm.com/support/entdocview.wss?uid=swg1IY86917
Secunia Advisory: http://secunia.com/advisories/21550/
CVE Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4257
Application Security, Inc.
AppSecInc is the leading provider of database security solutions for the
enterprise. AppSecInc products proactively secure enterprise
applications at more than 300 organizations around the world by
discovering, assessing, and protecting the database against rapidly
changing security threats. By securing data at its source, we enable
organizations to more confidently extend their business with customers,
partners and suppliers. Our security experts, combined with our strong
support team, deliver up-to-date application safeguards that minimize
risk and eliminate its impact on business.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
- application/pgp-keys attachment: 0x64EE14DD.asc