CVE-2011-1208

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

IBM solidDB 4.5.x before 4.5.182, 6.0.x before 6.0.1069, 6.1.x and 6.3.x before 6.3 FP8 (aka 6.3.49), and 6.5.x before 6.5 FP4 (aka 6.5.0.4) does not properly handle the (1) rpc_test_svc_readwrite and (2) rpc_test_svc_done commands, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted command.

References

http://secunia.com/advisories/44380

http://securitytracker.com/id?1025451

http://www.ibm.com/support/docview.wss?uid=swg21496106

http://www.securityfocus.com/bid/47584

http://www.vupen.com/english/advisories/2011/1117

http://www.zerodayinitiative.com/advisories/ZDI-11-142/

https://exchange.xforce.ibmcloud.com/vulnerabilities/67019

Details

Source: MITRE

Published: 2011-05-05

Updated: 2017-08-17

Risk Information

CVSS v2

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (2 total)

IDNameProductFamilySeverity
53812IBM solidDB < 4.5.182 / 6.0.1069 / 6.3.49 / 6.5.0.4 Denial of ServiceNessusWindows
medium
5906IBM Solid Database < 4.5.182 / 6.0.1069 / 6.3.49 / 6.5.0.4 Denial of Service VulnerabilityNessus Network MonitorDatabase
high