IBM DB2 < 8.1 Fix Pack 13 CONNECT Processing Unspecified DoS

Severity: Medium, Nessus Plugin ID 23936

Synopsis

The remote database server is affected by multiple denial of service vulnerabilities.

Description

According to its version, the IBM DB2 installation running on the remote host may crash in certain scenarios, such as when a user connects using a specially crafted ACCSEC command during the handshake process.

Solution

Apply IBM DB2 UDB version 8.1 FixPak 13 or later.

See Also

https://www.securityfocus.com/archive/1/archive/1/445298/100/0/threaded

https://www.securityfocus.com/archive/1/454307/30/0/threaded

http://www-1.ibm.com/support/docview.wss?uid=swg24013114

Plugin Details

Severity: Medium

ID: 23936

File Name: db2_81fp13.nasl

Version: 1.21

Type: remote

Family: Databases

Published: 12/23/2006

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:db2

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 8/18/2006

Reference Information

CVE: CVE-2006-4257

BID: 19586