IBM Solid Database 6.5 < 6.5.0.8 Multiple Denial of Service Vulnerabilities

Medium Nessus Network Monitor Plugin ID 6340

Synopsis

The remote database server is vulnerable to a denial of service attack.

Description

The remote host is running IBM solidDB.

Versions of solidDB 6.5 earlier than 6.5.0.8 are potentially affected by multiple denial of service vulnerabilities:

- Sending packets with many integer fields can trigger several recursive calls of a certain function, causing excessive stack memory consumption. (CVE-2010-4055, IC80074)

- Upon receiving a packet containing only a single integer field, a NULL pointer dereference can occur, causing a daemon crash. (CVE-2010-4056, IC80075)

- When receiving a packet with many different integer fields containing two different values, an invalid memory access and daemon crash can occur. (CVE-2010-4057, IC80076)

Solution

Upgrade to solidDB 6.5.0.8 or later.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg27021052#fp8

Plugin Details

Severity: Medium

ID: 6340

File Name: 6340.prm

Family: Database

Published: 2012/02/23

Modified: 2016/01/21

Dependencies: 4450

Nessus ID: 58105

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

CVSSv3

Base Score: 5.3

Temporal Score: 5.2

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS3#E:F/RL:U/RC:X

Vulnerability Information

Patch Publication Date: 2011/12/05

Vulnerability Publication Date: 2010/10/25

Reference Information

CVE: CVE-2010-4055, CVE-2010-4056, CVE-2010-4057

BID: 44158