icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

IBM DB2 9.7 < 9.7 Fix Pack 5 Local DoS

Low

Synopsis

The remote IBM DB2 database server is vulnerable to a denial of service attack.

Description

Versions of IBM DB2 9.7 earlier than Fix Pack 5 are potentially affected by a local denial of service vulnerability. On Unix and Unix-like systems with both the Self Tuning Memory manager (STMM) feature enabled and the 'DATABASE_MEMORY' option set to 'AUTOMATIC', local users are able to carry out denial of service attacks via unknown vectors.

Solution

Disable automatic tuning of 'DATABASE_MEMORY' or upgrade to IBM DB2 9.7 Fix Pack 5 or higher.