IBM solidDB < 4.5.182 / 6.0.1069 / 6.3.49 / 6.5.0.4 Denial of Service

medium Nessus Plugin ID 53812

Synopsis

The remote database server is affected by two denial of service vulnerabilities.

Description

According to its version number, the solidDB install on the remote host is affected by two denial of service vulnerabilities due to a flaw in the way the application handles the 'rpc_test_svc_readwrite' and and 'rpc_test_svc_done'procesure commands.

A remote unauthenticated attacker can leverage these issues to cause the application to de-reference a NULL pointer and subsequently crash.

Solution

Upgrade to IBM solidDB 4.5.182, 6.0.1069, 6.3 Fix Pack 8, 6.5 Fix Pack 4, or later.

See Also

https://www.tenable.com/security/research/tra-2011-03

https://www.zerodayinitiative.com/advisories/ZDI-11-142/

https://www-304.ibm.com/support/docview.wss?uid=swg21496106

Plugin Details

Severity: Medium

ID: 53812

File Name: soliddb_6_5_0_4.nasl

Version: 1.9

Type: local

Agent: windows

Family: Windows

Published: 5/5/2011

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:ibm:soliddb

Required KB Items: SMB/solidDB/installed

Exploit Ease: No known exploits are available

Patch Publication Date: 4/26/2011

Vulnerability Publication Date: 4/26/2011

Reference Information

CVE: CVE-2011-1208

BID: 47584

SECUNIA: 44380

TRA: TRA-2011-03