lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <458054A6.9080904@appsecinc.com>
Date: Wed, 13 Dec 2006 14:29:42 -0500
From: Team SHATTER <shatter@...secinc.com>
To: bugtraq@...urityfocus.com
Subject: IBM DB2 Remote DoS during CONNECT processing

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

IBM DB2 Remote DoS during CONNECT processing

AppSecInc Team SHATTER Security Advisory:
http://www.appsecinc.com/resources/alerts/db2/2006-09-05.shtml

Affected versions: All versions of IBM DB2 Database Server

Risk level: Medium

Credits: This vulnerability was discovered and researched by Vivek
Rathod of Application Security Inc.

Details:
When connecting to a remote DB2 instance, the version 7 client typically
sends a SQLJRA packet requesting start of the connection. If this SQLJRA
packet is specially crafted, it can cause a DoS attack by crashing the
DB2 instance. Altering a few bytes at specific offsets in the packet
exposes multiple NULL/invalid pointer dereference bugs in the server code.
For example, on Windows, if 0x00 is used at any of these offsets, the
sqle_db2ra_as_con_database function (from DB2ENGN.DLL) attempts to
access NULL or invalid memory locations, causing an unhandled access
violation (0xC0000005). This causes the DB2 instance to crash.

Impact:
Any remote unauthenticated attacker can crash the DB2 instance.

Vendor Status:
Vendor was contacted and a patch was released.

Fix:
To fix the problem apply the fixpak 13 for DB2 version 8.1 (same as 8.2 FP6)
http://www-306.ibm.com/software/data/db2/udb/support/downloadv8.html

Links:
Application Security, Inc advisory:
http://www.appsecinc.com/resources/alerts/db2/2006-09-05.shtml
IBM APAR: http://www-1.ibm.com/support/entdocview.wss?uid=swg1IY86917
Secunia Advisory: http://secunia.com/advisories/21550/
CVE Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4257

- --
Application Security, Inc.
www.appsecinc.com
AppSecInc is the leading provider of database security solutions for the
enterprise. AppSecInc products proactively secure enterprise
applications at more than 300 organizations around the world by
discovering, assessing, and protecting the database against rapidly
changing security threats. By securing data at its source, we enable
organizations to more confidently extend their business with customers,
partners and suppliers. Our security experts, combined with our strong
support team, deliver up-to-date application safeguards that minimize
risk and eliminate its impact on business.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFgFSm9EOAcmTuFN0RAs0uAKDD2JmnlktSvdZg/UdVtBZMcN8aMwCfR7AJ
toZoy4X4AWp5t8Ut7vvkj8U=
=tvlM
-----END PGP SIGNATURE-----

Download attachment "0x64EE14DD.asc" of type "application/pgp-keys" (1702 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ