IBM DB2 Universal Database LOAD Command "long column list" Parameter DoS

2006-05-16T09:18:59
ID OSVDB:27992
Type osvdb
Reporter OSVDB
Modified 2006-05-16T09:18:59

Description

Vulnerability Description

DB2 contains a flaw that may allow a remote denial of service. The issue is triggered when the column list specified in the REPLACE INTO or INSERT INTO section of a LOAD command is too long, or when an incorrect delimiter is used in the column list. Either condition results in loss of availability for the service.

Solution Description

Upgrade to version 8 FixPak 12 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www-3.ibm.com/software/data/db2/
Vendor Specific Advisory URL
Secunia Advisory ID: 20579
Related OSVDB ID: 29860
Related OSVDB ID: 29862
Related OSVDB ID: 29861
FrSIRT Advisory: ADV-2006-2332
CVE-2006-3067