
IBM Solid Database 6.5 < 6.5.0.8 Multiple Denial of Service Vulnerabilities

Medium

Synopsis

The remote database server is vulnerable to a denial of service attack.

Description

The remote host is running IBM solidDB.

Versions of solidDB 6.5 earlier than 6.5.0.8 are potentially affected by multiple denial of service vulnerabilities:

- Sending packets with many integer fields can trigger several recursive calls of a certain function, causing excessive stack memory consumption. (CVE-2010-4055, IC80074)

- Upon receiving a packet containing only a single integer field, a NULL pointer dereference can occur, causing a daemon crash. (CVE-2010-4056, IC80075)

- When receiving a packet with many different integer fields containing two different values, an invalid memory access and daemon crash can occur. (CVE-2010-4057, IC80076)

Solution

Upgrade to solidDB 6.5.0.8 or later.