Reported July 12, 2001, by Gilles Lami.

VERSION AFFECTED

  • IBM’s DB2 Universal Database for Windows 2000, Windows NT

 

DESCRIPTION
A Denial of Service (DoS) vulnerability exists in IBM’s DB2 Universal Database server. An attacker can crash the server by establishing a Telnet connection to the ports that the services “db2ccs.exe” and “db2jds.exe” are running on (typically ports 6790 and 6789) and sending 1 byte of information.

 

VENDOR RESPONSE

The vendor, IBM, has acknowledged this vulnerability and will release a patch for version 7 and above.

 

CREDIT
Discovered by Gilles Lami.