IBM solidDB < 7.0 Fix Pack 1 / 6.5.0.8 Interim Fix 5 Denial of Service

high Nessus Plugin ID 57824

Synopsis

The remote database server is affected by a denial of service vulnerability.

Description

According to its version number, the solidDB installation on the remote host is affected by a denial of service vulnerability caused by a flaw in the way the application handles 'SELECT' statements containing a 'rownum' condition with a subquery.

A remote, unauthenticated attacker can leverage this issue to cause the application to crash.

Solution

Upgrade to IBM solidDB 7.0 Fix Pack 1 / 6.5.0.8 Interim Fix 5 or later.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg1IC79861

http://www-01.ibm.com/support/docview.wss?uid=swg27021052#if5

http://web.archive.org/web/20130329180236/http://xforce.iss.net/xforce/xfdb/72651

Plugin Details

Severity: High

ID: 57824

File Name: soliddb_select_dos.nasl

Version: 1.7

Type: local

Family: Databases

Published: 2/3/2012

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.5

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/a:ibm:soliddb

Required KB Items: SMB/solidDB/installed

Exploit Ease: No known exploits are available

Patch Publication Date: 1/19/2012

Vulnerability Publication Date: 12/28/2011

Reference Information

CVE: CVE-2011-4890

BID: 51629