IBM DB2 and DB2 Connect are prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause the application using the affected library to crash, denying service to legitimate users.
The following products are affected:
IBM DB2 Express Edition
IBM DB2 Workgroup Server Edition
IBM DB2 Enterprise Server Edition
IBM DB2 Advanced Enterprise Server Edition
IBM DB2 Advanced Workgroup Server Edition
IBM DB2 Connect Application Server Edition
IBM DB2 Connect Enterprise Edition
IBM DB2 Connect Unlimited Edition for System i
IBM DB2 Connect Unlimited Edition for System z
Information
IBM Systems Director 6.3.5.0
IBM Systems Director 6.3.3.1
IBM Systems Director 6.3.3.0
IBM Systems Director 6.3.2.1
IBM Systems Director 6.3.1.1
IBM Systems Director 6.3.1.0
IBM Systems Director 6.3
IBM Flex System Manager 1.3.2 0
IBM Flex System Manager 1.3.2
IBM Flex System Manager 1.2.1
IBM Flex System Manager 1.2
IBM Flex System Manager 1.1
IBM Flex System Manager 1.3.1
IBM Flex System Manager 1.3.0.1
IBM Flex System Manager 1.3.0
IBM DB2 Workgroup Server Edition 9.8
IBM DB2 Workgroup Server Edition 9.7
IBM DB2 Workgroup Server Edition 9.5
IBM DB2 Workgroup Server Edition 10.5
IBM DB2 Workgroup Server Edition 10.1
IBM DB2 pureScale 9.8
IBM DB2 Express Edition 9.8
IBM DB2 Express Edition 9.7
IBM DB2 Express Edition 9.5
IBM DB2 Express Edition 10.5
IBM DB2 Express Edition 10.1
IBM DB2 Enterprise Server Edition 9.8
IBM DB2 Enterprise Server Edition 9.7
IBM DB2 Enterprise Server Edition 9.5
IBM DB2 Enterprise Server Edition 10.5
IBM DB2 Enterprise Server Edition 10.1
IBM DB2 Connect Unlimited Edition for System z 9.8
IBM DB2 Connect Unlimited Edition for System z 9.7
IBM DB2 Connect Unlimited Edition for System z 9.5
IBM DB2 Connect Unlimited Edition for System z 10.5
IBM DB2 Connect Unlimited Edition for System z 10.1
IBM DB2 Connect Unlimited Edition for System i 9.8
IBM DB2 Connect Unlimited Edition for System i 9.7
IBM DB2 Connect Unlimited Edition for System i 9.5
IBM DB2 Connect Unlimited Edition for System i 10.5
IBM DB2 Connect Unlimited Edition for System i 10.1
IBM DB2 Connect Enterprise Edition 9.8
IBM DB2 Connect Enterprise Edition 9.7
IBM DB2 Connect Enterprise Edition 9.5
IBM DB2 Connect Enterprise Edition 10.5
IBM DB2 Connect Enterprise Edition 10.1
IBM DB2 Connect Application Server Edition 9.8
IBM DB2 Connect Application Server Edition 9.7
IBM DB2 Connect Application Server Edition 9.5
IBM DB2 Connect Application Server Edition 10.5
IBM DB2 Connect Application Server Edition 10.1
IBM DB2 Advanced Workgroup Server Edition 9.8
IBM DB2 Advanced Workgroup Server Edition 9.7
IBM DB2 Advanced Workgroup Server Edition 9.5
IBM DB2 Advanced Workgroup Server Edition 10.5
IBM DB2 Advanced Workgroup Server Edition 10.1
IBM DB2 Advanced Enterprise Server Edition 9.8
IBM DB2 Advanced Enterprise Server Edition 9.7
IBM DB2 Advanced Enterprise Server Edition 9.5
IBM DB2 Advanced Enterprise Server Edition 10.5
IBM DB2 Advanced Enterprise Server Edition 10.1
Exploit
To exploit this issue, attackers can use readily available network utilities.
References:
- IBM DB2 Homepage (IBM)
- IBM Systems Director is affected by DB2 vulnerabilities (CVE-2013-4033, CVE-2013 (IBM)
- Security Bulletin: Denial of Service Vulnerability in DB2's XSLT Library. (CVE-2 (IBM)
- Security Bulletin: IBM Flex System Manager (FSM) is affected by vulnerabilities (IBM)
- Security Vulnerabilities, HIPER and Special Attention APARs fixed in DB2 for Lin (IBM)