CVE-2006-6638

Severity

50%

Complexity

99%

Confidentiality

48%

IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257.

IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

IBM DB2 Universal Database

First reported 18 years ago

2006-12-19 20:28:00

Last updated 16 years ago

2008-09-05 21:15:00

Affected Software

IBM DB2 Universal Database 8.1.4

8.1.4

IBM DB2 Universal Database 8.1.5

8.1.5

IBM DB2 Universal Database 8.1.6

8.1.6

IBM DB2 Universal Database 8.1.6c

8.1.6c

IBM DB2 Universal Database 8.1.7

8.1.7

IBM DB2 Universal Database 8.1.7b

8.1.7b

IBM DB2 Universal Database 8.1.8

8.1.8

IBM DB2 Universal Database 8.1.8a

8.1.8a

IBM DB2 Universal Database 8.1.9

8.1.9

IBM DB2 Universal Database 8.1.9a

8.1.9a

IBM DB2 Universal Database 8.10

8.10

IBM DB2 Universal Database 8.12

8.12

References

23397

Patch, Vendor Advisory

http://www.appsecinc.com/resources/alerts/db2/2006-11-30.shtml

Patch, Vendor Advisory

21646

Patch

IY91847

Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.