Vulnerability Name:

CVE-2008-3959 (CCN-45134)

Assigned: 2008-05-02
Published: 2008-05-02
Updated: 2017-08-08
Summary: IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Denial of Service
References:

Source: MITRE
Type: CNA
CVE-2008-3959

Source: CCN
Type: SA29022
IBM DB2 Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
29022

Source: CCN
Type: IBM DB2 Web site
DB2 Product Family

Source: AIXAPAR
Type: Patch
IZ05043

Source: MISC
Type: UNKNOWN
http://www.appsecinc.com/resources/alerts/db2/2008-01.shtml

Source: CCN
Type: OSVDB ID: 41794
IBM DB2 Universal Database CONNECT / ATTACH Processing Unspecified Remote DoS

Source: CCN
Type: BID-31058
IBM DB2 Universal Database Server 8.2 Prior To Fixpak 17 Multiple Vulnerabilities

Source: XF
Type: UNKNOWN
ibm-db2-connect-attach-dos2(45134)

Source: CCN
Type: IBM Security Bulletin 6347588 (Security Guardium)
IBM Security Guardium is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6349177 (Security Guardium)
IBM Security Guardium is affected by a DB2 jar vulnerability

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:ibm:db2:8.1:fp1:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.1:fp10:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.1:fp11:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.1:fp12:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.1:fp13:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.1:fp14:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:*:fp15:*:*:*:*:*:* (Version <= 8.1)
  • OR cpe:/a:ibm:db2:8.1:fp2:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.1:fp3:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.1:fp4:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.1:fp5:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.1:fp6:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.1:fp7:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.1:fp8:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.1:fp9:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.2:fp1:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.2:fp2:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.2:fp3:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.2:fp4:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.2:fp5:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.2:fp6:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:8.2:fp7:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:*:fp8:*:*:*:*:*:* (Version <= 8.2)

Configuration CCN 1:
  • cpe:/a:ibm:db2_universal_database:8.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.1::fp8:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.1::fp10:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.1::fp11:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp1:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp2:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp3:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp4:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp5:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp6:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp8:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:8.2:fp7:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:security_guardium:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.1:*:*:*:*:*:*:*
