CERTA-2009-AVI-014
Vulnerability from certfr_avis - Published: 2009-01-14 - Updated: 2009-01-14
Deux vulnérabilités dans IBM DB2 permettent à une personne malintentionnée d'effectuer un déni de service à distance.
Description
Deux vulnérabilités affectant IBM DB2 ont été découvertes :
- la première permet à une personne malveillante d'effectuer un déni de service à distance via un flux de type CONNECT spécialement conçu ;
- la seconde, non documentée, permet à une personne distante via un flux spécialement conçu d'effectuer un déni de service.
Solution
Se référer au bulletin de sécurité IBM pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "DB2 Connect Server.",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Enterprise Server Edition ;",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Workgroup Server ;",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "BD2 Express Server ;",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Personnal Edition ;",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s affectant IBM DB2 ont \u00e9t\u00e9 d\u00e9couvertes :\n\n- la premi\u00e8re permet \u00e0 une personne malveillante d\u0027effectuer un d\u00e9ni\n de service \u00e0 distance via un flux de type CONNECT sp\u00e9cialement con\u00e7u\n ;\n- la seconde, non document\u00e9e, permet \u00e0 une personne distante via un\n flux sp\u00e9cialement con\u00e7u d\u0027effectuer un d\u00e9ni de service.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 IBM pour l\u0027obtention des correctifs\n(cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2009-01-14T00:00:00",
"last_revision_date": "2009-01-14T00:00:00",
"links": [],
"reference": "CERTA-2009-AVI-014",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2009-01-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Deux vuln\u00e9rabilit\u00e9s dans IBM DB2 permettent \u00e0 une personne\nmalintentionn\u00e9e d\u0027effectuer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM DB2",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21363936 du 13 janvier 2009",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21363936"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…