Vulnerability Name:

CVE-2009-4329 (CCN-55017)

Assigned:2009-12-15
Published:2009-12-15
Updated:2009-12-17
Summary:Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (segmentation fault) by modifying the db2ra data stream sent in a request from the Load Utility.
CVSS v3 Severity:3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Denial of Service
References:Source: CONFIRM
Type: UNKNOWN
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT

Source: MITRE
Type: CNA
CVE-2009-4329

Source: CCN
Type: SA37759
IBM DB2 Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
37759

Source: AIXAPAR
Type: Exploit
IZ52083

Source: CCN
Type: IBM Support & downloads
IZ52083: Security: Manipulation of db2ra data stream of Load utility request can cause seg fault.

Source: CONFIRM
Type: Patch
http://www-01.ibm.com/support/docview.wss?uid=swg21293566

Source: CONFIRM
Type: Exploit
http://www-01.ibm.com/support/docview.wss?uid=swg21412902

Source: CCN
Type: OSVDB ID: 67681
IBM DB2 Universal Database Engine Utilities Component Load Utility db2ra Data Stream Manipulation Remote DoS

Source: BID
Type: UNKNOWN
37332

Source: CCN
Type: BID-37332
IBM DB2 prior to 9.5 Fix Pack 5 Multiple Unspecified Security Vulnerabilities

Source: VUPEN
Type: Vendor Advisory
ADV-2009-3520

Source: XF
Type: UNKNOWN
ibm-db2-engine-dos(55017)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:db2:9.5:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:9.5:fp1:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:9.5:fp2:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:9.5:fp2a:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:9.5:fp3:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:9.5:fp3a:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:9.5:fp3b:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:ibm:db2_universal_database:9.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:9.5:fp1:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:9.5:fp2:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:9.5:fp3a:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:9.5:fp3:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:9.5:fp2a:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_universal_database:9.5:fp3b:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    ibm db2 9.5
    ibm db2 9.5 fp1
    ibm db2 9.5 fp2
    ibm db2 9.5 fp2a
    ibm db2 9.5 fp3
    ibm db2 9.5 fp3a
    ibm db2 9.5 fp3b
    ibm db2 universal database 9.5
    ibm db2 universal database 9.5 fp1
    ibm db2 universal database 9.5 fp2
    ibm db2 universal database 9.5 fp3a
    ibm db2 universal database 9.5 fp3
    ibm db2 universal database 9.5 fp2a
    ibm db2 universal database 9.5 fp3b