[NEWS] Denial of Service Vulnerability in DB2 Discovery Service
From: SecuriTeam (support_at_securiteam.com)
Date: 09/21/03
- Previous message: SecuriTeam: "[NEWS] Denial of Service and JVM Crash via User Injectable XSL Template (toStdout)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 21 Sep 2003 13:45:51 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Denial of Service Vulnerability in DB2 Discovery Service
------------------------------------------------------------------------
SUMMARY
IBM DB2 provides a UDP service used as a discovery service for locating
DB2 databases on the network. This UDP service shuts down when sent more
than 20 bytes.
DETAILS
IBM DB2 is a database that provides many services. One of these services
is a discovery service. This is used to locate a service when configuring
a connection. This service listens on UDP port 523.
This service typically receives a packet such as "DB2GETADDR SQL07020". If
a packet larger than 20 bytes is received by the server, the service will
shutdown.
Once the discovery service crashes, the service "DB2 - DB2DAS00" must be
restarted.
This issue is cover under the fix "IY47686: Search Discovery Listener
Denial of Service Vulnerability".
Fix:
Apply FixPak 10a from IBM. This can be downloaded from the following
location:
<http://www-3.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/download.d2w/report> http://www-3.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/download.d2w/report.
ADDITIONAL INFORMATION
The information has been provided by <mailto:aaron@newman-family.com>
Aaron C. Newman of Application Security, Inc.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[NEWS] Denial of Service and JVM Crash via User Injectable XSL Template (toStdout)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- [NEWS] IBM DB2 LOAD Command Stack Overflow Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... The vulnerability is triggered
by issuing a carefully crafted LOAD ... * IBM DB2 Universal Data Base v7.2 for Windows
is vulnerable. ... Issue is fixed in Fixpak 10/10a for DB2 v7.2. ... (Securiteam) - [NEWS] IBM DB2 INVOKE Command Stack Overflow Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... DB2 is IBM's relational database
software. ... The vulnerability is triggered by issuing a carefully crafted INVOKE
... * IBM DB2 Universal Data Base v7.2 for Windows is vulnerable. ... (Securiteam) - [NT] CA Multiple Product Message Engine RPC Server Code Execution Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... CA Multiple Product Message
Engine RPC Server Code Execution Vulnerability ... LSsec has discovered a vulnerability in
Computer Associates BrightStor ... The flaw specifically exists within the Discovery
Service ... (Securiteam)
