CVE-2008-3959

Severity

50%

Complexity

99%

Confidentiality

48%

IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request.

IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 16 years ago

2008-09-11 01:13:00

Last updated 7 years ago

2017-08-08 01:32:00

Affected Software

IBM DB2 8.2

8.2

IBM DB2 8.2 Fixpack 1

8.2

IBM DB2 8.2 Fixpack 2

8.2

IBM DB2 8.2 Fixpack 3

8.2

IBM DB2 8.2 Fixpack 4

8.2

IBM DB2 8.2 Fixpack 5

8.2

IBM DB2 8.2 Fixpack 6

8.2

IBM DB2 8.2 Fixpack 7

8.2

References

29022

http://www.appsecinc.com/resources/alerts/db2/2008-01.shtml

IZ05043

Patch

ibm-db2-connect-attach-dos2(45134)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.