CVE-2006-4257

IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending crafted SQLJRA packet, which results in a null dereference.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www-1.ibm.com/support/docview.wss?uid=swg24013114	Patch
http://secunia.com/advisories/21550	Patch Vendor Advisory
http://www.securityfocus.com/bid/19586
http://www.appsecinc.com/resources/alerts/db2/2006-09-05.shtml
http://www.vupen.com/english/advisories/2006/3328	Vendor Advisory
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT
http://www.securityfocus.com/archive/1/454307/100/0/threaded
http://www.securityfocus.com/archive/1/445298/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:db2:8.1.4::solaris:::::
	cpe:2.3:a:ibm:db2:8.1.4::windows:::::
	cpe:2.3:a:ibm:db2:8.1.6::linux:::::
	cpe:2.3:a:ibm:db2:8.1.6::solaris:::::
	cpe:2.3:a:ibm:db2:8.1.7::aix:::::
	cpe:2.3:a:ibm:db2:8.1.7::hp_ux:::::
	cpe:2.3:a:ibm:db2:8.1.7b::solaris:::::
	cpe:2.3:a:ibm:db2:8.1.7b::windows:::::
	cpe:2.3:a:ibm:db2:8.1.8a::linux:::::
	cpe:2.3:a:ibm:db2:8.1.8a::solaris:::::
	cpe:2.3:a:ibm:db2:8.1.9a::aix:::::
	cpe:2.3:a:ibm:db2:8.1.8::solaris:::::
	cpe:2.3:a:ibm:db2:8.1.9a::hp_ux:::::
	cpe:2.3:a:ibm:db2:8.12::solaris:::::
	cpe:2.3:a:ibm:db2:8.1.8::windows:::::
	cpe:2.3:a:ibm:db2:8.1.9::linux:::::
	cpe:2.3:a:ibm:db2:8.1.5::linux:::::
	cpe:2.3:a:ibm:db2:8.0::os_390:::::
	cpe:2.3:a:ibm:db2:8.1.5::windows:::::
	cpe:2.3:a:ibm:db2:8.12::linux:::::
	cpe:2.3:a:ibm:db2:8.1.7b::aix:::::
	cpe:2.3:a:ibm:db2:8.1::aix:::::
	cpe:2.3:a:ibm:db2:8.1.5::solaris:::::
	cpe:2.3:a:ibm:db2:8.1.4::hp_ux:::::
	cpe:2.3:a:ibm:db2:8.1.9::hp_ux:::::
	cpe:2.3:a:ibm:db2:8.1.4::aix:::::
	cpe:2.3:a:ibm:db2:8.1.7::windows:::::
	cpe:2.3:a:ibm:db2:8.1::solaris:::::
	cpe:2.3:a:ibm:db2:8.1::windows:::::
	cpe:2.3:a:ibm:db2:8.1.6c::hp_ux:::::
	cpe:2.3:a:ibm:db2:8.1.6c::linux:::::
	cpe:2.3:a:ibm:db2:8.1.9a::windows:::::
	cpe:2.3:a:ibm:db2:8.1.4::linux:::::
	cpe:2.3:a:ibm:db2:8.1.8::hp_ux:::::
	cpe:2.3:a:ibm:db2:8.1.8::aix:::::
	cpe:2.3:a:ibm:db2:8.1.8a::hp_ux:::::
	cpe:2.3:a:ibm:db2:8.0::linux:::::
	cpe:2.3:a:ibm:db2:8.1.7::solaris:::::
	cpe:2.3:a:ibm:db2:8.1.6c::solaris:::::
	cpe:2.3:a:ibm:db2:8.1.8::linux:::::
	cpe:2.3:a:ibm:db2:8.2::linux:::::
	cpe:2.3:a:ibm:db2:8.12::windows:::::
	cpe:2.3:a:ibm:db2:8.1.6c::aix:::::
	cpe:2.3:a:ibm:db2:8.1.6c::windows:::::
	cpe:2.3:a:ibm:db2:8.1.9::aix:::::
	cpe:2.3:a:ibm:db2:8.10::solaris:::::
	cpe:2.3:a:ibm:db2:8.1.9a::solaris:::::
	cpe:2.3:a:ibm:db2:8.1.9a::linux:::::
	cpe:2.3:a:ibm:db2:8.1::hp_ux:::::
	cpe:2.3:a:ibm:db2:8.1.8a::windows:::::
	cpe:2.3:a:ibm:db2:8.0::aix:::::
	cpe:2.3:a:ibm:db2:8.1.6::hp_ux:::::
	cpe:2.3:a:ibm:db2:8.10::windows:::::
	cpe:2.3:a:ibm:db2:8.1.5::aix:::::
	cpe:2.3:a:ibm:db2:8.1.7b::linux:::::
	cpe:2.3:a:ibm:db2:8.1.6::windows:::::
	cpe:2.3:a:ibm:db2:8.1.9::windows:::::
	cpe:2.3:a:ibm:db2:8.1.6::aix:::::
	cpe:2.3:a:ibm:db2:8.1.8a::aix:::::
	cpe:2.3:a:ibm:db2:8.1::linux:::::
	cpe:2.3:a:ibm:db2:8.1.7::linux:::::
	cpe:2.3:a:ibm:db2:8.1.5::hp_ux:::::
	cpe:2.3:a:ibm:db2:8.10::linux:::::
	cpe:2.3:a:ibm:db2:8.1.9::solaris:::::
cpe:2.3:a:ibm:db2:8.1.7b::hp_ux:::::

Information

Published : 2006-08-21 13:04

Updated : 2018-10-17 14:34

NVD link : CVE-2006-4257

Mitre link : CVE-2006-4257

JSON object : View

CWE

CWE-399

Resource Management Errors

Products Affected

ibm

4.0 /10