CVE-2010-4055

Severity

50%

Complexity

99%

Confidentiality

48%

Stack consumption vulnerability in solid.exe in IBM solidDB 6.5.0.3 and earlier allows remote attackers to cause a denial of service (memory consumption and daemon crash) by connecting to TCP port 1315 and sending a packet with many integer fields, which trigger many recursive calls of a certain function.

Stack consumption vulnerability in solid.exe in IBM solidDB 6.5.0.3 and earlier allows remote attackers to cause a denial of service (memory consumption and daemon crash) by connecting to TCP port 1315 and sending a packet with many integer fields, which trigger many recursive calls of a certain function.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

IBM solidDB

First reported 14 years ago

2010-10-23 20:39:00

Last updated 7 years ago

2017-08-17 01:33:00

Affected Software

IBM solidDB 4.5.167

4.5.167

IBM solidDB 4.5.168

4.5.168

IBM solidDB 4.5.169

4.5.169

IBM solidDB 4.5.173

4.5.173

IBM solidDB 4.5.175

4.5.175

IBM solidDB 4.5.176

4.5.176

IBM solidDB 4.5.178

4.5.178

IBM solidDB 6.0.1060

6.0.1060

IBM solidDB 6.0.1061

6.0.1061

IBM solidDB 6.0.1064

6.0.1064

IBM solidDB 6.0.1065

6.0.1065

IBM solidDB 6.0.1066

6.0.1066

IBM solidDB 6.1

6.1

IBM solidDB 6.1.20

6.1.20

IBM solidDB 6.3.33 (6.3 Fix Pack 2)

6.3.33

IBM solidDB 6.3.37 (6.3 Fix Pack 3)

6.3.37

IBM solidDB 6.5.0.0

6.5.0.0

IBM solidDB 6.5.0.1 (Fix Pack 1)

6.5.0.1

IBM solidDB 6.5.0.2 (Fix Pack 2)

6.5.0.2

IBM solidDB 6.30.0039 (6.3 Fix Pack 4)

6.30.0039

IBM solidDB 6.30.0040 (6.3 Fix Pack 5)

6.30.0040

IBM solidDB 6.30.0044 (6.3 Fix Pack 6)

6.30.0044

References

http://aluigi.altervista.org/adv/soliddb_1-adv.txt

Exploit

41873

Vendor Advisory

1024597

15261

Exploit

ADV-2010-2715

Vendor Advisory

ibm-solid-database-server-dos(62590)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.