Detections
Analytics
IBM solidDB 6.5 < 6.5.0.8 Multiple Denial of Service Vulnerabilities
medium Nessus Plugin ID 58105
Language:
Synopsis
The remote database server is affected by multiple denial of service vulnerabilities.Description
The remote database system is affected by multiple denial of service vulnerabilities :- Sending packets with many integer fields can trigger several recursive calls of a certain function causing an excessive amount of stack memory consumption. (CVE-2010-4055, IC80074)
- Upon receiving a packet containing only a single integer field, a NULL pointer dereference can occur causing a daemon crash. (CVE-2010-4056, IC80075)
- When receiving a packet with many different integer fields containing two different values, an invalid memory access and daemon crash can occur. (CVE-2010-4057, IC80076)
Solution
Update to solidDB 6.5.0.8 or later.See Also
http://www-01.ibm.com/support/docview.wss?uid=swg27021052#fp8
Plugin Details
Severity: Medium
ID: 58105
File Name: soliddb_6_5_0_8.nasl
Version: 1.7
Type: remote
Family: Databases
Published: 2/23/2012
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.9
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 4.1
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
Vulnerability Information
CPE: cpe:/a:ibm:soliddb
Required KB Items: SMB/solidDB/installed
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 12/5/2011
Vulnerability Publication Date: 10/25/2010
Exploitable With
Core Impact
Reference Information
CVE: CVE-2010-4055, CVE-2010-4056, CVE-2010-4057
BID: 44158