IBM DB2 Universal Database SQL Query IN Clause DoS

2006-05-15T09:18:59
ID OSVDB:29860
Type osvdb
Reporter OSVDB
Modified 2006-05-15T09:18:59

Description

Vulnerability Description

DB2 contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker issues a SQL query with an extremely large IN clause, which results in loss of availability for the service.

Solution Description

Upgrade to version 8 FixPak 12 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www-3.ibm.com/software/data/db2/
Vendor Specific Advisory URL
Secunia Advisory ID: 20579
Related OSVDB ID: 29862
Related OSVDB ID: 27992
Related OSVDB ID: 29861
FrSIRT Advisory: ADV-2006-2332
CVE-2006-3067