IBM DB2 Discovery Service Malformed UDP Packet Remote DoS

medium Nessus Plugin ID 11896

Synopsis

The remote service is affected by a denial of service vulnerability.

Description

It was possible to crash the IBM DB2 UDP-based discovery listener on the remote host by sending it a packet with more than 20 bytes. An unauthenticated attacker can use this attack to make this service crash continuously, thereby denying service to legitimate users.

Solution

Apply IBM Fix Pack 10a or later.

See Also

https://www.securityfocus.com/archive/1/338234/30/0/threaded

http://www.nessus.org/u?8d0c33a1

Plugin Details

Severity: Medium

ID: 11896

File Name: db2_discovery_DoS.nasl

Version: 1.26

Type: remote

Family: Databases

Published: 10/17/2003

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:ibm:db2

Required KB Items: Settings/ParanoidReport

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 9/19/2003

Reference Information

CVE: CVE-2003-0827

BID: 8653