Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2006-4257

Severity CVSS v4.0:
Pending analysis
Type:
CWE-399 Resource Management Errors
Publication date:
21/08/2006
Last modified:
17/10/2018

Description

IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending crafted SQLJRA packet, which results in a null dereference.

Impact

Vector 2.0
AV:N/AC:L/Au:S/C:N/I:N/A:P CVSS v2.0 Severity and Metrics:

Base Score: 4.00 MEDIUM
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): Single
Confidentiality (C): None
Integrity (I): None
Availability (A): Physical

Base Score 2.0
4.00
Severity 2.0
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:ibm:db2:8.0:*:aix:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.0:*:linux:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.0:*:os_390:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.1:*:aix:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.1:*:hp_ux:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.1:*:linux:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.1:*:solaris:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.1:*:windows:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.1.4:*:aix:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.1.4:*:hp_ux:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.1.4:*:linux:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.1.4:*:solaris:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.1.4:*:windows:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.1.5:*:aix:*:*:*:*:*
cpe:2.3:a:ibm:db2:8.1.5:*:hp_ux:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools