Remote DoS during CONNECT processing

Posted September 1, 2006 by egonzales in Database Security, Database Vendor, IBM DB2, IBM DB2, Security Advisory, Topics with 0 comments

Remote DoS during CONNECT processing

Sept 1, 2006

Risk Level: Medium

Affected versions:
All versions of IBM DB2 Database Server

This vulnerability was discovered and researched by Vivek Rathod of Application Security, Inc.

When connecting to a remote DB2 instance, the version 7 client typically sends a SQLJRA packet requesting start of the connection. If this SQLJRA packet is specially crafted, it can cause a DoS attack by crashing the DB2 instance. Altering a few bytes at specific offsets in the packet exposes multiple NULL/invalid pointer dereference bugs in the server code.

For example, on Windows, if 0×00 is used at any of these offsets, the sqle_db2ra_as_con_database function (from DB2ENGN.DLL) attempts to access NULL or invalid memory locations, causing an unhandled access violation (0xC0000005). This causes the DB2 instance to crash.

Any remote unauthenticated attacker can crash the DB2 instance.

Vendor Status:
Vendor was contacted and a patch was released.

To fix the problem apply the fixpak 13 for DB2 version 8.1 (same as 8.2 FP6)

Secunia Advisory:
CVE Reference:

Leave a Reply

Name (required)

Mail (will not be published) (required)


Please note: JavaScript is required to post comments.

Powered by