Denial of Service Vulnerability in Discovery

Posted September 18, 2003 by egonzales in Database Security, Database Vendor, IBM DB2, Security Advisory, Topics

September 18, 2003

Risk level: Low

IBM DB2 provides a UDP service used as a discovery service for locating DB2 databases on the network. This UDP service shuts down when sent more than 20 bytes.

IBM DB2 is a database that provides many services. One of these services is a discovery service. This is used to locate a service when configuring a connection. This service listens on UDP port 523.

This service typically receives a packet such as "DB2GETADDR SQL07020". If a packet larger than 20 bytes is received by the server, the service will shut down.

Once the discovery service crashes, the service "DB2 – DB2DAS00" must be restarted.
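
To spot this condition in captured traffic, the following added example (not part of the original advisory and not IBM code) parses raw IPv4/UDP packets and flags datagrams to port 523 whose payload exceeds 20 bytes. The function names, addresses and sample packets are constructed for illustration.

```python
import socket
import struct

DISCOVERY_PORT = 523  # DB2 discovery listener port named in the advisory
MAX_PAYLOAD = 20      # advisory: larger payloads shut the service down


def parse_udp(packet: bytes):
    """Return (src_ip, dst_port, payload_len) for an IPv4/UDP packet, or
    None if it is truncated, not UDP, or a non-initial fragment."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    frag = struct.unpack("!H", packet[6:8])[0]
    # Non-initial fragments carry no UDP header, so they cannot be judged here.
    if ihl < 20 or packet[9] != 17 or frag & 0x1FFF or len(packet) < ihl + 8:
        return None
    _sport, dport, udp_len, _csum = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if udp_len < 8:
        return None
    # Use the UDP length field so a truncated capture still reports true size.
    return socket.inet_ntoa(packet[12:16]), dport, udp_len - 8


def oversized_discovery(packets):
    """Return [(src_ip, payload_len)] for discovery datagrams over 20 bytes."""
    hits = []
    for pkt in packets:
        parsed = parse_udp(pkt)
        if parsed and parsed[1] == DISCOVERY_PORT and parsed[2] > MAX_PAYLOAD:
            hits.append((parsed[0], parsed[2]))
    return hits


def sample_packet(src, dport, payload):
    """Build a constructed IPv4/UDP packet in memory (checksums left zero)."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton("192.0.2.10"))
    return ip + udp


SAMPLES = [  # constructed test traffic, documentation address ranges
    sample_packet("198.51.100.7", 523, b"DB2GETADDR SQL07020"),  # normal query
    sample_packet("198.51.100.9", 523, b"X" * 64),               # oversized
    sample_packet("198.51.100.9", 53, b"X" * 64),                # other port
]

if __name__ == "__main__":
    for src, size in oversized_discovery(SAMPLES):
        print(f"ALERT {src} sent {size}-byte datagram to udp/{DISCOVERY_PORT}")
```
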

This issue is covered by the fix "IY47686: Search Discovery Listener Denial of Service Vulnerability".

Apply FixPak 10a from IBM. This can be downloaded from the following location:
