CVE-2010-4057

Severity

50%

Complexity

99%

Confidentiality

48%

solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing many integer fields with two different values, which allows remote attackers to cause a denial of service (invalid memory access and daemon crash) via a TCP session on port 1315.

solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing many integer fields with two different values, which allows remote attackers to cause a denial of service (invalid memory access and daemon crash) via a TCP session on port 1315.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

IBM solidDB

First reported 14 years ago

2010-10-23 20:39:00

Last updated 7 years ago

2017-08-17 01:33:00

Affected Software

IBM solidDB 4.5.167

4.5.167

IBM solidDB 4.5.168

4.5.168

IBM solidDB 4.5.169

4.5.169

IBM solidDB 4.5.173

4.5.173

IBM solidDB 4.5.175

4.5.175

IBM solidDB 4.5.176

4.5.176

IBM solidDB 4.5.178

4.5.178

IBM solidDB 6.0.1060

6.0.1060

IBM solidDB 6.0.1061

6.0.1061

IBM solidDB 6.0.1064

6.0.1064

IBM solidDB 6.0.1065

6.0.1065

IBM solidDB 6.0.1066

6.0.1066

IBM solidDB 6.1

6.1

IBM solidDB 6.1.20

6.1.20

IBM solidDB 6.3.33 (6.3 Fix Pack 2)

6.3.33

IBM solidDB 6.3.37 (6.3 Fix Pack 3)

6.3.37

IBM solidDB 6.5.0.0

6.5.0.0

IBM solidDB 6.5.0.1 (Fix Pack 1)

6.5.0.1

IBM solidDB 6.5.0.2 (Fix Pack 2)

6.5.0.2

IBM solidDB 6.30.0039 (6.3 Fix Pack 4)

6.30.0039

IBM solidDB 6.30.0040 (6.3 Fix Pack 5)

6.30.0040

IBM solidDB 6.30.0044 (6.3 Fix Pack 6)

6.30.0044

References

http://aluigi.altervista.org/adv/soliddb_1-adv.txt

Exploit

41873

Vendor Advisory

1024597

15261

Exploit

ADV-2010-2715

Vendor Advisory

ibm-solid-database-server-dos(62590)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.