Vulnerabilities > CVE-2006-3066 - Denial of Service vulnerability in IBM DB2 Universal Database
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allows remote attackers to cause a denial of service (application crash) via a long MGRLVLLS message inside of an EXCSAT message when establishing a connection. This vulnerability is addressed in the following product release: IBM, DB2 Universal Database, 8.12
Vulnerable Configurations
Nessus
| NASL family | Databases |
| NASL id | DB2_81FP12.NASL |
| description | According to its version, the installation of IBM DB2 running on the remote host may crash when it attempts to process a specially crafted CONNECT or ATTACH request sent during the initial handshake process. An unauthenticated, remote attacker can exploit this issue to overflow a buffer and crash the database instance, thereby denying service to legitimate users. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 23935 |
| published | 2006-12-23 |
| reporter | This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/23935 |
| title | IBM DB2 < 8.1 FixPak 12 EXCSAT Long MGRLVLLS Message Remote DoS |