IBM DB2 10.5 < Fix Pack 8 Multiple DoS
Medium Nessus Plugin ID 94899
SynopsisThe remote database server is affected by multiple vulnerabilities.
DescriptionAccording to its version, the installation of IBM DB2 10.5 running on the remote host is prior to Fix Pack 8. It is, therefore, affected by the following vulnerabilities :
- A denial of service vulnerability exists in the SQLNP_SCOPE_TRIAL() function due to improper handling of SQL statements. An authenticated, remote attacker can exploit this to crash the database. (VulnDB 144371)
- A denial of service vulnerability exists in the Query Compiler QGM due to improper handling of specific queries. An authenticated, remote attacker can exploit this, via a specially crafted query, to crash the database. (VulnDB 144373)
SolutionApply IBM DB2 version 10.5 Fix Pack 8 or later.