IBM DB2 and DB2 Connect are prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to cause denial-of-service conditions.
The following products are affected:
IBM DB2 Express Edition
IBM DB2 Workgroup Server Edition
IBM DB2 Enterprise Server Edition
IBM DB2 Advanced Enterprise Server Edition
IBM DB2 Advanced Workgroup Server Edition
IBM DB2 Connect Application Server Edition
IBM DB2 Connect Enterprise Edition
IBM DB2 Connect Unlimited Edition for System i
IBM DB2 Connect Unlimited Edition for System z
Information
IBM Smart Analytics System 7700 9.7
IBM Smart Analytics System 7600 0
IBM Smart Analytics System 5710 0
IBM Smart Analytics System 5600 0
IBM Smart Analytics System 2050 0
IBM Smart Analytics System 1050 0
IBM PureData System for Operational Analytics A1791 1.0
IBM InfoSphere Balanced Warehouse D5100
IBM InfoSphere Balanced Warehouse C4000
IBM InfoSphere Balanced Warehouse C3000
IBM DB2 Workgroup Server Edition 9.8
IBM DB2 Workgroup Server Edition 9.7
IBM DB2 Workgroup Server Edition 10.5
IBM DB2 Workgroup Server Edition 10.1
IBM DB2 pureScale 9.8
IBM DB2 Express Edition 9.8
IBM DB2 Express Edition 9.7
IBM DB2 Express Edition 10.5
IBM DB2 Express Edition 10.1
IBM DB2 Enterprise Server Edition 9.8
IBM DB2 Enterprise Server Edition 9.7
IBM DB2 Enterprise Server Edition 10.5
IBM DB2 Enterprise Server Edition 10.1
IBM DB2 Connect Unlimited Edition for System z 9.8
IBM DB2 Connect Unlimited Edition for System z 9.7
IBM DB2 Connect Unlimited Edition for System z 10.5
IBM DB2 Connect Unlimited Edition for System z 10.1
IBM DB2 Connect Unlimited Edition for System i 9.8
IBM DB2 Connect Unlimited Edition for System i 9.7
IBM DB2 Connect Unlimited Edition for System i 10.5
IBM DB2 Connect Unlimited Edition for System i 10.1
IBM DB2 Connect Enterprise Edition 9.8
IBM DB2 Connect Enterprise Edition 9.7
IBM DB2 Connect Enterprise Edition 10.5
IBM DB2 Connect Enterprise Edition 10.1
IBM DB2 Connect Application Server Edition 9.8
IBM DB2 Connect Application Server Edition 9.7
IBM DB2 Connect Application Server Edition 10.5
IBM DB2 Connect Application Server Edition 10.1
IBM DB2 Advanced Workgroup Server Edition 9.8
IBM DB2 Advanced Workgroup Server Edition 9.7
IBM DB2 Advanced Workgroup Server Edition 10.5
IBM DB2 Advanced Workgroup Server Edition 10.1
IBM DB2 Advanced Enterprise Server Edition 9.8
IBM DB2 Advanced Enterprise Server Edition 9.7
IBM DB2 Advanced Enterprise Server Edition 10.5
IBM DB2 Advanced Enterprise Server Edition 10.1
Exploit
To exploit this issue, attackers can use readily available network utilities.
References:
- IBM DB2 Homepage (IBM)
- Download DB2 Fix Packs by version for DB2 for Linux, UNIX and Windows (IBM)
- Security Bulletin: Executing a query with an OLAP specification causes the DB2 s (IBM)
- Security Bulletin: Executing a query with an OLAP specification on the IBM InfoS (IBM)
- Security Bulletin: Executing a query with an OLAP specification on the IBM PureD (IBM)
- Security Bulletin: Executing a query with an OLAP specification on the IBM Smart (IBM)