DB2 Universal Database is prone to a denial-of-service vulnerability. IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Distributed Relational Database Architecture (DRDA) request.
Information
IBM DB2® Express Edition 9.5
IBM DB2® Enterprise Server Edition 9.5
IBM DB2® Connect™ Unlimited Edition for System z® 9.5
IBM DB2® Connect™ Unlimited Edition for System i® 9.5
IBM DB2® Connect™ Enterprise Edition 9.5
IBM DB2® Connect™ Application Server Edition 9.5
IBM DB2® Advanced Enterprise Server Edition 9.5
IBM DB2 Workgroup Server Edition 9.1
IBM DB2 Universal Database 9.8 Fp3
IBM DB2 Universal Database 9.7 Fp4
IBM DB2 Universal Database 9.7 Fp3
IBM DB2 Universal Database 9.7 Fp1
IBM DB2 Universal Database 9.5 Fp6a
IBM DB2 Universal Database 9.5 Fp4a
IBM DB2 Universal Database 9.5 Fp3
IBM DB2 Universal Database 9.1 Fp9
IBM DB2 Universal Database 9.1 Fp3a
IBM DB2 Universal Database 9.1 Fp3
IBM DB2 Universal Database 9.1 Fp2
IBM DB2 Universal Database 9.1 Fp10
IBM DB2 Express Edition 9.1
IBM DB2 Enterprise Server Edition 9.1
IBM DB2 Connect Unlimited Edition for System z 9.1
IBM DB2 Connect Unlimited Edition for System i 9.1
IBM DB2 Connect Enterprise Edition 9.1
IBM DB2 Connect Application Server Edition 9.1
IBM DB2 Advanced Enterprise Server Edition 9.1
IBM DB2 Workgroup Server Edition 9.7
IBM DB2 Express Edition 9.7
IBM DB2 Enterprise Server Edition 9.7
IBM DB2 Connect™ Unlimited Edition for System z 9.7
IBM DB2 Connect™ Unlimited Edition for System i 9.7
IBM DB2 Connect™ Enterprise Edition 9.7
IBM DB2 Connect™ Application Server Edition 9.7
IBM DB2 Advanced Enterprise Server Edition 9.7
IBM DB2 9.8
IBM DB2 9.7 Fp3a
IBM DB2 9.7 Fp2
IBM DB2 9.5 Fp8
IBM DB2 9.5 Fp7
IBM DB2 9.5 Fp6
IBM DB2 9.5 Fp3b
IBM DB2 9.5 Fp2a
IBM DB2 9.1 Fp8
IBM DB2 9.1 Fp7a
IBM DB2 9.1 Fp4
IBM DB2 9.1 Fp2a
IBM DB2 9.1 Fp1
IBM DB2 9.1
Exploit
Attackers can exploit this issue by using readily available network tools.
References:
- IBM IC76781: SECURITY: REMOTE DENIAL OF SERVICE OF DB2 SERVER. - United States (AIXAPAR)
- IBM IC76899: SECURITY: REMOTE DENIAL OF SERVICE OF DB2 SERVER. - United States (AIXAPAR)
- IBM IC76901: SECURITY: REMOTE DENIAL OF SERVICE OF DB2 SERVER. - United States (AIXAPAR)
- IBM IC76902: SECURITY: REMOTE DENIAL OF SERVICE OF DB2 SERVER. - United States (AIXAPAR)
- IBM Security Bulletin: DB2 Denial of Service Vulnerability in DRDA (CVE-2012-07 (CONFIRM)
- IBM X-Force Exchange Beta (XF)