IBM Solid Database 6.5 < 6.5.0.8 Multiple Denial of Service Vulnerabilities

Medium

Synopsis

The remote database server is vulnerable to a denial of service attack.

Description

The remote host is running IBM solidDB.

Versions of solidDB 6.5 earlier than 6.5.0.8 are potentially affected by multiple denial of service vulnerabilities:

- Sending packets with many integer fields can trigger several recursive calls of a certain function, causing excessive stack memory consumption. (CVE-2010-4055, IC80074)

- Upon receiving a packet containing only a single integer field, a NULL pointer dereference can occur, causing a daemon crash. (CVE-2010-4056, IC80075)

- When receiving a packet with many different integer fields containing two different values, an invalid memory access and daemon crash can occur. (CVE-2010-4057, IC80076)

Solution

Upgrade to solidDB 6.5.0.8 or later.
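
The affected range above, expressed as a version check over an inventory. This is an added example, not part of the original advisory; the host names and version strings are constructed, and dotted numeric version strings are assumed.

```python
import re

BRANCH = (6, 5)        # the advisory covers only the solidDB 6.5 branch
FIXED = (6, 5, 0, 8)   # first fixed release named in the advisory


def parse_version(text):
    """Pull the first dotted numeric version out of free-form text."""
    m = re.search(r"\d+(?:\.\d+)+", text)
    if not m:
        raise ValueError(f"no dotted version in {text!r}")
    return tuple(int(part) for part in m.group(0).split("."))


def classify(text):
    """Return 'affected', 'fixed', 'out-of-scope' or 'unknown'."""
    try:
        v = parse_version(text)
    except ValueError:
        return "unknown"
    # Pad short versions ("6.5" -> 6.5.0.0) so they compare against FIXED.
    v = v + (0,) * (len(FIXED) - len(v))
    if v[:2] != BRANCH:
        return "out-of-scope"   # this advisory says nothing about other branches
    # Tuple comparison is numeric per component: 6.5.0.10 is newer than
    # 6.5.0.8, which a plain string comparison would get wrong.
    return "affected" if v < FIXED else "fixed"


def needs_upgrade(inventory):
    """Hosts whose reported version falls in the affected range."""
    return sorted(h for h, ver in inventory.items() if classify(ver) == "affected")


# Constructed inventory for illustration only.
INVENTORY = {
    "db-a": "solidDB 6.5.0.7",
    "db-b": "6.5.0.8",
    "db-c": "6.5.0.10",
    "db-d": "6.5",
    "db-e": "6.3.0.47",
    "db-f": "not reported",
}

if __name__ == "__main__":
    for host, ver in sorted(INVENTORY.items()):
        print(f"{host}: {ver!r} -> {classify(ver)}")
    print("upgrade to 6.5.0.8 or later:", needs_upgrade(INVENTORY))
```

Hosts classified as "unknown" need manual review rather than being treated as fixed.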