Vulnerabilities > CVE-2008-1708 - Resource Management Errors vulnerability in IBM Soliddb

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

ibm

CWE-399

NVD

Published: 2008-04-09

Updated: 2018-10-11

Summary

IBM solidDB 06.00.1018 and earlier does not validate a certain field that specifies an amount of memory to allocate, which allows remote attackers to cause a denial of service (daemon exit) via a packet with a large value in this field.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Soliddb 4.5.167 IBM Soliddb 4.5.168 IBM Soliddb 4.5.169 IBM Soliddb 4.5.173 IBM Soliddb 4.5.175 IBM Soliddb 4.5.176 IBM Soliddb 4.5.178 IBM Soliddb 6.0	8

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

References

http://aluigi.altervista.org/adv/soliduro-adv.txt
http://aluigi.org/poc/soliduro.zip
http://secunia.com/advisories/29512
http://securitytracker.com/id?1019721
http://www.securityfocus.com/archive/1/490129/100/0/threaded
http://www.securityfocus.com/bid/28468
http://www.vupen.com/english/advisories/2008/1038
https://exchange.xforce.ibmcloud.com/vulnerabilities/41488