IBM DB2 - Universal Database for Windows NT 6.1/7.1 SQL DoS Vulnerability

2000-12-05T00:00:00
ID EDB-ID:20470
Type exploitdb
Reporter benjurry
Modified 2000-12-05T00:00:00

Description

IBM DB2 Universal Database for Windows NT 6.1/7.1 SQL DoS Vulnerability. CVE-2001-0052. Dos exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/2067/info


IBM DB2 Universal Database is a distributed database application.

It may be possible for a database user to crash the server through a bug in handling certain queries. If a certain query is executed that contains a datetime type and varchar type, the server may cease to fucntion requiring a manual reset. The following example was submitted by Benjurry in their advisory:

connect reset;
connect to sample user db2admin using db2admin;
select * from employee where year(birthdate)=1999 and firstnme<'';

It is not known what the cause for this behaviour is. Restarting the application is required in order to regain normal functionality.