IBM solidDB Stored Procedure Call Remote Denial of Service

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote host has a database server installed that is affected by a
remote denial of service vulnerability.

Description :

The version of IBM solidDB installed on the remote host is 6.5.x prior
to 6.5.0.12, 6.30.x prior to 6.30.0.55, 6.0.x prior to 6.0.0.1070, or
7.0.x prior to 7.0.0.4. It is therefore reportedly affected by a
remote denial of service vulnerability that can be triggered by
calling a stored procedure with an omitted default value parameter.

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg1IC94043
http://www-01.ibm.com/support/docview.wss?uid=swg1IC94044
http://www-01.ibm.com/support/docview.wss?uid=swg1IC88796
http://www-01.ibm.com/support/docview.wss?uid=swg1IC88797
https://www-304.ibm.com/support/docview.wss?uid=swg21643599
http://www.nessus.org/u?64f69819
http://www.nessus.org/u?24195ffd

Solution :

Upgrade solidDB to version 6.0.0.1070 / 6.30.0.55 / 6.5.0.12 / 7.0.0.4 or later.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Databases

Nessus Plugin ID: 66351

Bugtraq ID: 59637

CVE ID: CVE-2013-3031