CERTA-2009-AVI-014
Vulnerability from certfr_avis
Deux vulnérabilités dans IBM DB2 permettent à une personne malintentionnée d'effectuer un déni de service à distance.
Description
Deux vulnérabilités affectant IBM DB2 ont été découvertes :
- la première permet à une personne malveillante d'effectuer un déni de service à distance via un flux de type CONNECT spécialement conçu ;
- la seconde, non documentée, permet à une personne distante via un flux spécialement conçu d'effectuer un déni de service.
Solution
Se référer au bulletin de sécurité IBM pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "DB2 Connect Server.",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Enterprise Server Edition ;",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Workgroup Server ;",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "BD2 Express Server ;",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Personnal Edition ;",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s affectant IBM DB2 ont \u00e9t\u00e9 d\u00e9couvertes :\n\n- la premi\u00e8re permet \u00e0 une personne malveillante d\u0027effectuer un d\u00e9ni\n de service \u00e0 distance via un flux de type CONNECT sp\u00e9cialement con\u00e7u\n ;\n- la seconde, non document\u00e9e, permet \u00e0 une personne distante via un\n flux sp\u00e9cialement con\u00e7u d\u0027effectuer un d\u00e9ni de service.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 IBM pour l\u0027obtention des correctifs\n(cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2009-01-14T00:00:00",
"last_revision_date": "2009-01-14T00:00:00",
"links": [],
"reference": "CERTA-2009-AVI-014",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2009-01-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Deux vuln\u00e9rabilit\u00e9s dans IBM DB2 permettent \u00e0 une personne\nmalintentionn\u00e9e d\u0027effectuer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM DB2",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21363936 du 13 janvier 2009",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21363936"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…