IBM solidDB < 6.30.0.37 Invalid Error Code DoS

Medium severity, Nessus Plugin ID 42877

Synopsis

The remote database server is affected by a denial of service vulnerability.

Description

The version of the IBM solidDB database server installed on the remote host is older than 6.30.0.37 (6.3 Fix Pack 3 / 6.3.37) and is therefore affected by a denial of service vulnerability. By sending a specially crafted packet containing a negative error code other than -1, an attacker may be able to crash the remote database.

Solution

Upgrade to IBM solidDB 6.30.0.37 (6.3 Fix Pack 3 / 6.3.37).

See Also

http://www.coresecurity.com/content/ibm-soliddb-errorcode-dos

https://seclists.org/fulldisclosure/2009/Nov/205

http://www-01.ibm.com/support/docview.wss?rs=0&q1=solidb&uid=swg24024510

Plugin Details

Severity: Medium

ID: 42877

File Name: soliddb_6_30_37.nasl

Version: 1.10

Type: local

Family: Databases

Published: 11/24/2009

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:ibm:soliddb

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/17/2009

Vulnerability Publication Date: 11/18/2009

Reference Information

CVE: CVE-2009-3840

BID: 37053

SECUNIA: 37380