IBM DB2 Discovery Service DoS

2003-09-19T09:04:53
ID OSVDB:2169
Type osvdb
Reporter Aaron C. Newman(anewman@appsecinc.com)
Modified 2003-09-19T09:04:53

Description

Vulnerability Description

DB2 Discovery Service contains a flaw that may allow a remote denial of service. The issue is triggered when more than 20 bytes of data is sent to the discovery service on UDP port 523, and will result in loss of availability for the Discovery Service.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, IBM has released Fixpak 10a to address this vulnerability.

Short Description

DB2 Discovery Service contains a flaw that may allow a remote denial of service. The issue is triggered when more than 20 bytes of data is sent to the discovery service on UDP port 523, and will result in loss of availability for the Discovery Service.

References:

Security Tracker: 1007751 Secunia Advisory ID:9795 Nessus Plugin ID:11896 Keyword: IBM APAR IY47686 ISS X-Force ID: 13244 CVE-2003-0827 Bugtraq ID: 8653