Vulners
Lucene search
IBM DB2 Semaphore Signaling Denial of Service Vulnerability
source: http://www.securityfocus.com/bid/11403/info
A denial of service vulnerability has been reported in IBM DB2. This vulnerability is reported to only exist when DB2 is installed on Microsoft Windows operating systems. This issue is due to a failure of the application to properly ensure that only authorized users can signal the DB2 UDB instance to shutdown. This is due to a Windows permissions issue related to shared memory sections, culminating in various denial of service attacks.
This vulnerability allows attackers with local access to shutdown the DB2 UDB instance. This will result in the denial of database service to legitimate users.
- Users may set the 'DB2SHUTDOWNSEM' + pid event to shutdown the database. The following example was provided:
DB2SHUTDOWNSEM000002ec
- Non-zero values may be written to the 'DB2SHMSECURITYSERVICE' shared memory section and then read by setting the 'DB2NTSECURITYINPUT' input event.
- Users may write to the 'DB20QM' shared memory section. The following example was provided:
section write DB20QM
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1