Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

IBM DB2 9.7 < 9.7 Fix Pack 5 Local DoS

Low

Synopsis

The remote IBM DB2 database server is vulnerable to a denial of service attack.

Description

Versions of IBM DB2 9.7 earlier than Fix Pack 5 are potentially affected by a local denial of service vulnerability. On Unix and Unix-like systems with both the Self Tuning Memory manager (STMM) feature enabled and the 'DATABASE_MEMORY' option set to 'AUTOMATIC', local users are able to carry out denial of service attacks via unknown vectors.

Solution

Disable automatic tuning of 'DATABASE_MEMORY' or upgrade to IBM DB2 9.7 Fix Pack 5 or higher.