CVE-2006-3066 - Unspecified vulnerability in IBM DB2 Universal Database
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
ibm
nessus
Summary
Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allows remote attackers to cause a denial of service (application crash) via a long MGRLVLLS message inside of an EXCSAT message when establishing a connection.
Vulnerable Configurations
Nessus
NASL family | Databases |
NASL id | DB2_81FP12.NASL |
description | According to its version, the installation of IBM DB2 running on the remote host may crash when it attempts to process a specially crafted CONNECT or ATTACH request sent during the initial handshake process. An unauthenticated, remote attacker can exploit this issue to overflow a buffer and crash the database instance, thereby denying service to legitimate users. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23935 |
published | 2006-12-23 |
reporter | This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/23935 |
title | IBM DB2 < 8.1 FixPak 12 EXCSAT Long MGRLVLLS Message Remote DoS |
References
- http://secunia.com/advisories/20579
- http://www.osvdb.org/29861
- http://www.securityfocus.com/archive/1/445297/100/0/threaded
- http://www.securityfocus.com/bid/18428
- http://www.vupen.com/english/advisories/2006/2332
- http://www-1.ibm.com/support/docview.wss?uid=swg1IY84096