IBM solidDB < 4.5.182 / 6.0.1069 / 6.3.49 / 6.5.0.4 Denial of Service

Medium Nessus Plugin ID 53812

Synopsis

The remote database server is affected by two denial of service vulnerabilities.

Description

According to its version number, the solidDB install on the remote host is affected by two denial of service vulnerabilities due to a flaw in the way the application handles the 'rpc_test_svc_readwrite' and 'rpc_test_svc_done' procedure commands.

A remote unauthenticated attacker can leverage these issues to cause the application to de-reference a NULL pointer and subsequently crash.

Solution

Upgrade to IBM solidDB 4.5.182, 6.0.1069, 6.3 Fix Pack 8, 6.5 Fix Pack 4, or later.

See Also

https://www.tenable.com/security/research/tra-2011-03

https://www.zerodayinitiative.com/advisories/ZDI-11-142/

https://www-304.ibm.com/support/docview.wss?uid=swg21496106

Plugin Details

Severity: Medium

ID: 53812

File Name: soliddb_6_5_0_4.nasl

Version: 1.8

Type: local

Agent: windows

Family: Windows

Published: 2011/05/05

Updated: 2018/11/15

Dependencies: 31680, 53811

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:soliddb

Required KB Items: SMB/solidDB/installed

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2011/04/26

Vulnerability Publication Date: 2011/04/26

Reference Information

CVE: CVE-2011-1208

BID: 47584

TRA: TRA-2011-03

Secunia: 44380