IBM solidDB 6.5 < 6.5.0.8 Interim Fix 6 Redundant WHERE Clause Select Statement Parsing Remote DoS

medium Nessus Plugin ID 58106

Synopsis

The remote database server is affected by a denial of service vulnerability.

Description

According to its version number, the solidDB install on the remote host is affected by a denial of service vulnerability due to a flaw in the way the application handles 'SELECT' statements containing a redundant WHERE condition.

Solution

Update to solidDB 6.5.0.8 Interim Fix 6 or later.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg1IC81244

http://www.ibm.com/support/docview.wss?uid=swg27021052

Plugin Details

Severity: Medium

ID: 58106

File Name: soliddb_6_5_0_8_if6.nasl

Version: 1.6

Type: local

Family: Databases

Published: 2/23/2012

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.5

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:ibm:soliddb

Required KB Items: SMB/solidDB/installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/9/2012

Vulnerability Publication Date: 2/21/2012

Reference Information

CVE: CVE-2012-0200

BID: 52111