CVE-2006-4257

IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending crafted SQLJRA packet, which results in a null dereference.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www-1.ibm.com/support/docview.wss?uid=swg24013114	Patch
http://secunia.com/advisories/21550	Patch Vendor Advisory
http://www.securityfocus.com/bid/19586
http://www.appsecinc.com/resources/alerts/db2/2006-09-05.shtml
http://www.vupen.com/english/advisories/2006/3328	Vendor Advisory
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT
http://www.securityfocus.com/archive/1/454307/100/0/threaded
http://www.securityfocus.com/archive/1/445298/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:db2:8.1.4::solaris:::::
	cpe:2.3:a:ibm:db2:8.1.4::windows:::::
	cpe:2.3:a:ibm:db2:8.1.6::linux:::::
	cpe:2.3:a:ibm:db2:8.1.6::solaris:::::
	cpe:2.3:a:ibm:db2:8.1.7::aix:::::
	cpe:2.3:a:ibm:db2:8.1.7::hp_ux:::::
	cpe:2.3:a:ibm:db2:8.1.7b::solaris:::::
	cpe:2.3:a:ibm:db2:8.1.7b::windows:::::
	cpe:2.3:a:ibm:db2:8.1.8a::linux:::::
	cpe:2.3:a:ibm:db2:8.1.8a::solaris:::::
	cpe:2.3:a:ibm:db2:8.1.9a::aix:::::
	cpe:2.3:a:ibm:db2:8.1.8::solaris:::::
	cpe:2.3:a:ibm:db2:8.1.9a::hp_ux:::::
	cpe:2.3:a:ibm:db2:8.12::solaris:::::
	cpe:2.3:a:ibm:db2:8.1.8::windows:::::
	cpe:2.3:a:ibm:db2:8.1.9::linux:::::
	cpe:2.3:a:ibm:db2:8.1.5::linux:::::
	cpe:2.3:a:ibm:db2:8.0::os_390:::::
	cpe:2.3:a:ibm:db2:8.1.5::windows:::::
	cpe:2.3:a:ibm:db2:8.12::linux:::::
	cpe:2.3:a:ibm:db2:8.1.7b::aix:::::
	cpe:2.3:a:ibm:db2:8.1::aix:::::
	cpe:2.3:a:ibm:db2:8.1.5::solaris:::::
	cpe:2.3:a:ibm:db2:8.1.4::hp_ux:::::
	cpe:2.3:a:ibm:db2:8.1.9::hp_ux:::::
	cpe:2.3:a:ibm:db2:8.1.4::aix:::::
	cpe:2.3:a:ibm:db2:8.1.7::windows:::::
	cpe:2.3:a:ibm:db2:8.1::solaris:::::
	cpe:2.3:a:ibm:db2:8.1::windows:::::
	cpe:2.3:a:ibm:db2:8.1.6c::hp_ux:::::
	cpe:2.3:a:ibm:db2:8.1.6c::linux:::::
	cpe:2.3:a:ibm:db2:8.1.9a::windows:::::
	cpe:2.3:a:ibm:db2:8.1.4::linux:::::
	cpe:2.3:a:ibm:db2:8.1.8::hp_ux:::::
	cpe:2.3:a:ibm:db2:8.1.8::aix:::::
	cpe:2.3:a:ibm:db2:8.1.8a::hp_ux:::::
	cpe:2.3:a:ibm:db2:8.0::linux:::::
	cpe:2.3:a:ibm:db2:8.1.7::solaris:::::
	cpe:2.3:a:ibm:db2:8.1.6c::solaris:::::
	cpe:2.3:a:ibm:db2:8.1.8::linux:::::
	cpe:2.3:a:ibm:db2:8.2::linux:::::
	cpe:2.3:a:ibm:db2:8.12::windows:::::
	cpe:2.3:a:ibm:db2:8.1.6c::aix:::::
	cpe:2.3:a:ibm:db2:8.1.6c::windows:::::
	cpe:2.3:a:ibm:db2:8.1.9::aix:::::
	cpe:2.3:a:ibm:db2:8.10::solaris:::::
	cpe:2.3:a:ibm:db2:8.1.9a::solaris:::::
	cpe:2.3:a:ibm:db2:8.1.9a::linux:::::
	cpe:2.3:a:ibm:db2:8.1::hp_ux:::::
	cpe:2.3:a:ibm:db2:8.1.8a::windows:::::
	cpe:2.3:a:ibm:db2:8.0::aix:::::
	cpe:2.3:a:ibm:db2:8.1.6::hp_ux:::::
	cpe:2.3:a:ibm:db2:8.10::windows:::::
	cpe:2.3:a:ibm:db2:8.1.5::aix:::::
	cpe:2.3:a:ibm:db2:8.1.7b::linux:::::
	cpe:2.3:a:ibm:db2:8.1.6::windows:::::
	cpe:2.3:a:ibm:db2:8.1.9::windows:::::
	cpe:2.3:a:ibm:db2:8.1.6::aix:::::
	cpe:2.3:a:ibm:db2:8.1.8a::aix:::::
	cpe:2.3:a:ibm:db2:8.1::linux:::::
	cpe:2.3:a:ibm:db2:8.1.7::linux:::::
	cpe:2.3:a:ibm:db2:8.1.5::hp_ux:::::
	cpe:2.3:a:ibm:db2:8.10::linux:::::
	cpe:2.3:a:ibm:db2:8.1.9::solaris:::::
cpe:2.3:a:ibm:db2:8.1.7b::hp_ux:::::

Information

Published : 2006-08-21 13:04

Updated : 2018-10-17 14:34

NVD link : CVE-2006-4257

Mitre link : CVE-2006-4257

JSON object : View

CWE

CWE-399

Resource Management Errors

Products Affected

ibm

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24013114", "name": "http://www-1.ibm.com/support/docview.wss?uid=swg24013114", "tags": ["Patch"], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/21550", "name": "21550", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/19586", "name": "19586", "tags": [], "refsource": "BID"}, {"url": "http://www.appsecinc.com/resources/alerts/db2/2006-09-05.shtml", "name": "http://www.appsecinc.com/resources/alerts/db2/2006-09-05.shtml", "tags": [], "refsource": "MISC"}, {"url": "http://www.vupen.com/english/advisories/2006/3328", "name": "ADV-2006-3328", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT", "name": "IY87211", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www.securityfocus.com/archive/1/454307/100/0/threaded", "name": "20061213 IBM DB2 Remote DoS during CONNECT processing", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/445298/100/0/threaded", "name": "20060906 Details for BID 19586", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending crafted SQLJRA packet, which results in a null dereference."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-399"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-4257", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-08-21T20:04Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.4:*:solaris:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.4:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.6:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.6:*:solaris:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.7:*:aix:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.7:*:hp_ux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.7b:*:solaris:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.7b:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.8a:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.8a:*:solaris:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.9a:*:aix:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.8:*:solaris:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.9a:*:hp_ux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.12:*:solaris:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.8:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.9:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.5:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.0:*:os_390:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.5:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.12:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.7b:*:aix:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1:*:aix:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.5:*:solaris:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.4:*:hp_ux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.9:*:hp_ux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.4:*:aix:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.7:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1:*:solaris:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.6c:*:hp_ux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.6c:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.9a:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.4:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.8:*:hp_ux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.8:*:aix:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.8a:*:hp_ux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.0:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.7:*:solaris:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.6c:*:solaris:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.8:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.2:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.12:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.6c:*:aix:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.6c:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.9:*:aix:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.10:*:solaris:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.9a:*:solaris:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.9a:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1:*:hp_ux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.8a:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.0:*:aix:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.6:*:hp_ux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.10:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.5:*:aix:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.7b:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.6:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.9:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.6:*:aix:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.8a:*:aix:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.7:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.5:*:hp_ux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.10:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.9:*:solaris:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:db2:8.1.7b:*:hp_ux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-17T21:34Z"}

4.0 /10