Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2012 Greenbone Networks GmbHOPENVAS:802729
HistoryApr 03, 2012 - 12:00 a.m.

IBM DB2 Distributed Relational Database Architecture Request DoS Vulnerability

2012-04-0300:00:00
Copyright (C) 2012 Greenbone Networks GmbH
plugins.openvas.org
15

0.073 Low

EPSS

Percentile

94.1%

JSON

The host is running IBM DB2 and is prone to denial of service
vulnerability.

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ibm_db2_drda_req_dos_vuln.nasl 6018 2017-04-24 09:02:24Z teissa $
#
# IBM DB2 Distributed Relational Database Architecture Request DoS Vulnerability
#
# Authors:
# Madhuri D <[email protected]>
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_impact = "Successful exploitation allows remote users to cause denial
  of service.
  Impact Level: Application.";
tag_affected = "IBM DB2 version 9.1 before FP11,
  IBM DB2 version 9.5 before FP9,
  IBM DB2 version 9.7 before FP5 and
  IBM DB2 version 9.8 before FP4";
tag_insight = "The flaw is caused due an error within the server component can be exploited
  to cause a crash by sending a specially crafted Distributed Relational
  Database Architecture request.";
tag_solution = "Upgrade to IBM DB2 version 9.1 FP11, 9.5 FP8, 9.7 FP5, 9.8 FP4 or later,
  For updates refer to http://www-01.ibm.com/support/docview.wss?uid=swg27007053";
tag_summary = "The host is running IBM DB2 and is prone to denial of service
  vulnerability.";

if(description)
{
  script_id(802729);
  script_version("$Revision: 6018 $");
  script_cve_id("CVE-2012-0710");
  script_bugtraq_id(52326);
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_tag(name:"last_modification", value:"$Date: 2017-04-24 11:02:24 +0200 (Mon, 24 Apr 2017) $");
  script_tag(name:"creation_date", value:"2012-04-03 10:37:46 +0530 (Tue, 03 Apr 2012)");
  script_name("IBM DB2 Distributed Relational Database Architecture Request DoS Vulnerability");
  script_xref(name : "URL" , value : "http://secunia.com/advisories/48279/");
  script_xref(name : "URL" , value : "http://xforce.iss.net/xforce/xfdb/73494");
  script_xref(name : "URL" , value : "http://www-01.ibm.com/support/docview.wss?uid=swg21588090");
  script_xref(name : "URL" , value : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC76899");
  script_xref(name : "URL" , value : "http://www-01.ibm.com/support/docview.wss?uid=swg27007053");

  script_tag(name:"qod_type", value:"remote_banner");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
  script_family("Databases");
  script_dependencies("gb_ibm_db2_remote_detect.nasl");
  script_require_keys("IBM-DB2/Remote/ver");
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "summary" , value : tag_summary);
  exit(0);
}


include("version_func.inc");

## Variable Initialization
ibmVer = "";

ibmVer = get_kb_item("IBM-DB2/Remote/ver");
if(!ibmVer){
  exit(0);
}

if(ibmVer =~ "^0907\.*")
{
  # IBM DB2 9.7 FP 5 => 09075
  if(version_is_less(version:ibmVer, test_version:"09075"))
  {
    security_message(0);
    exit(0);
  }
}

if(ibmVer =~ "^0901\.*")
{
  # IBM DB2 9.1 FP 11 => 090111
  if(version_is_less(version:ibmVer, test_version:"090111"))
  {
    security_message(0);
    exit(0);
  }
}

if(ibmVer =~ "^0905\.*")
{
  # IBM DB2 9.5 FP 9 => 09059
  if(version_is_less(version:ibmVer, test_version:"09059"))
  {
    security_message(0);
    exit(0);
  }
}

if(ibmVer =~ "^0908\.*")
{
  # IBM DB2 9.8 FP 4 => 09084
  if(version_is_less(version:ibmVer, test_version:"09084")){
    security_message(0);
  }
}

Related

prion 1
nvd 1
cvelist 1
ubuntucve 1
cve 1
openvas 1
ibm 1
nessus 2
prion
prion
Cross site request forgery (csrf)
2012-03-20 20:55:00
nvd
nvd
CVE-2012-0710
2012-03-20 20:55:01
cvelist
cvelist
CVE-2012-0710
2012-03-20 20:00:00
ubuntucve
ubuntucve
CVE-2012-0710
2012-03-20 00:00:00
cve
cve
CVE-2012-0710
2012-03-20 20:55:01
openvas
openvas
IBM DB2 Distributed Relational Database Architecture Request DoS Vulnerability
2012-04-03 00:00:00
ibm
ibm
Security Bulletin: DB2 Denial of Service Vulnerability in DRDA (CVE-2012-0710)
2022-09-25 22:31:03
nessus
nessus
IBM DB2 9.1 < Fix Pack 11 Multiple DoS
2012-06-21 00:00:00
DB2 9.5 < Fix Pack 9 Multiple Vulnerabilities
2012-03-08 00:00:00

0.073 Low

EPSS

Percentile

94.1%

JSON
Related for OPENVAS:802729
prion1nvd1cvelist1ubuntucve1cve1openvas1ibm1nessus2