[NEWS] Denial of Service Vulnerability in DB2 Discovery Service
From: SecuriTeam (support_at_securiteam.com)
Date: 09/21/03
To: list@securiteam.com
Date: 21 Sep 2003 13:45:51 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Denial of Service Vulnerability in DB2 Discovery Service
------------------------------------------------------------------------
SUMMARY
IBM DB2 provides a UDP service used as a discovery service for locating
DB2 databases on the network. This UDP service shuts down when sent more
than 20 bytes.
DETAILS
IBM DB2 is a database that provides many services. One of these services
is a discovery service. This is used to locate a service when configuring
a connection. This service listens on UDP port 523.
This service typically receives a packet such as "DB2GETADDR SQL07020". If
a packet larger than 20 bytes is received by the server, the service will
shut down.
Once the discovery service crashes, the service "DB2 - DB2DAS00" must be
restarted.
This issue is covered under the fix "IY47686: Search Discovery Listener
Denial of Service Vulnerability".
Fix:
Apply FixPak 10a from IBM. This can be downloaded from the following
location:
http://www-3.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/download.d2w/report
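For monitoring hosts that have not yet received the fix, the following added example (not part of the original advisory) parses raw IPv4/UDP packets and flags datagrams sent to port 523 whose payload exceeds the 20 bytes described above. The function names, sample addresses and sample packets are constructed for illustration; only the port number, the 20-byte threshold and the "DB2GETADDR SQL07020" probe come from the advisory.

```python
import struct

DB2_DISCOVERY_PORT = 523    # UDP port of the discovery service (from the advisory)
MAX_EXPECTED_PAYLOAD = 20   # advisory: packets larger than 20 bytes stop the service

def parse_ipv4_udp(packet):
    """Return (src_ip, dst_port, udp_payload_len) for an IPv4/UDP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4                      # header length, including IP options
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    # Protocol 17 is UDP; later fragments carry no UDP header, so skip them.
    if ihl < 20 or packet[9] != 17 or frag_offset or len(packet) < ihl + 8:
        return None
    _sport, dport, udp_len, _csum = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if udp_len < 8:
        return None
    src_ip = ".".join(str(b) for b in packet[12:16])
    # Use the declared UDP length so snaplen-truncated captures still measure correctly.
    return src_ip, dport, udp_len - 8

def oversized_discovery_datagrams(packets):
    """Return [(src_ip, payload_len)] for datagrams to UDP/523 larger than 20 bytes."""
    hits = []
    for raw in packets:
        parsed = parse_ipv4_udp(raw)
        if parsed and parsed[1] == DB2_DISCOVERY_PORT and parsed[2] > MAX_EXPECTED_PAYLOAD:
            hits.append((parsed[0], parsed[2]))
    return hits

def build_sample(src_ip, dport, payload, options=b""):
    """Constructed test input only: minimal IPv4+UDP bytes, checksums left at zero."""
    ihl_words = 5 + len(options) // 4
    total = ihl_words * 4 + 8 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0, total, 0, 0, 64, 17, 0,
                     bytes(map(int, src_ip.split("."))), bytes([192, 0, 2, 10]))
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0)
    return ip + options + udp + payload

# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLES = [
    build_sample("198.51.100.7", 523, b"DB2GETADDR SQL07020"),      # normal probe, 19 bytes
    build_sample("203.0.113.9", 523, b"A" * 21),                    # over the threshold
    build_sample("203.0.113.9", 53, b"A" * 40),                     # different service
    build_sample("203.0.113.44", 523, b"A" * 64, options=b"\x01" * 4),  # with IP options
]

if __name__ == "__main__":
    for src, size in oversized_discovery_datagrams(SAMPLES):
        print(f"oversized datagram to UDP/523 from {src}: {size} bytes")
```

The same length test can be applied at a packet filter in front of hosts that do not need remote discovery, or used to alert on unexpected senders to UDP port 523.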
ADDITIONAL INFORMATION
The information has been provided by Aaron C. Newman
<aaron@newman-family.com> of Application Security, Inc.
========================================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.