Reported September 18, 2003 by Aaron Newman.

 

 

VERSIONS AFFECTED

 

IBM DB2 Universal Database

 

DESCRIPTION

 

A Denial of Service (DoS) condition exists in IBM's DB2 Universal Database. IBM DB2's UDP-based discovery service, listening on port 523, shuts down when it receives more than 20 bytes of data. After the discovery service crashes, it must be restarted.
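For monitoring unpatched hosts, the following added example (not part of the original advisory) flags UDP datagrams sent to port 523 whose payload exceeds 20 bytes. It assumes capture lines in `tcpdump -n` text form, where the reported length is the UDP payload size; the sample lines and addresses are constructed.

```python
import re
from collections import Counter

DISCOVERY_PORT = 523    # DB2 discovery service port named in the advisory
MAX_SAFE_PAYLOAD = 20   # advisory: service shuts down on more than 20 bytes

# Assumed input format, one packet per line, e.g.:
#   12:00:01.000000 IP 192.0.2.10.40000 > 198.51.100.5.523: UDP, length 20
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): UDP, length (?P<len>\d+)$"
)

def find_oversized(lines):
    """Return one record per datagram to the discovery port over the size limit."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # non-UDP or unparsed line: ignore rather than guess
        if int(m["dport"]) != DISCOVERY_PORT:
            continue  # replies from port 523 and unrelated traffic are not relevant
        size = int(m["len"])
        if size > MAX_SAFE_PAYLOAD:
            hits.append({"ts": m["ts"], "src": m["src"], "dst": m["dst"], "len": size})
    return hits

def summarize(hits):
    """Count flagged datagrams per (source, destination) pair for triage."""
    return Counter((h["src"], h["dst"]) for h in hits)

# Constructed sample capture (documentation address ranges, not real traffic).
SAMPLE = [
    "12:00:01.000000 IP 192.0.2.10.40000 > 198.51.100.5.523: UDP, length 20",
    "12:00:02.000000 IP 192.0.2.66.40001 > 198.51.100.5.523: UDP, length 21",
    "12:00:03.000000 IP 192.0.2.66.40002 > 198.51.100.5.523: UDP, length 512",
    "12:00:04.000000 IP 192.0.2.10.40003 > 198.51.100.5.9999: UDP, length 64",
    "12:00:05.000000 IP 198.51.100.5.523 > 192.0.2.10.40000: UDP, length 300",
    "12:00:06.000000 ARP, Request who-has 198.51.100.5 tell 192.0.2.10, length 28",
]

if __name__ == "__main__":
    for (src, dst), count in summarize(find_oversized(SAMPLE)).items():
        print(f"{src} -> {dst}:{DISCOVERY_PORT} oversized datagrams: {count}")
```

A hit followed by the discovery service going silent on the destination host is the pattern to correlate with the restart requirement described above.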

 

VENDOR RESPONSE

 

IBM (http://www.ibm.com/) has released FixPak 10a (http://www-3.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/download.d2w/report) to address this vulnerability.

 

CREDIT

 

Discovered by Application Security Inc.