CVE-2006-3068 - IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote attackers to cause a denial of s

CVE-2006-3068

Summary

IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote attackers to cause a denial of service (application crash) by sending "incorrect information ... regarding the package name/creator," which leads to a "memory overwrite."

References

http://secunia.com/advisories/20579
http://www.osvdb.org/29862
http://www.vupen.com/english/advisories/2006/2332
http://www-1.ibm.com/support/docview.wss?uid=swg1IY79204

Vulnerable Configurations

cpe:2.3:a:ibm:db2_universal_database:8.1:*:aix:*:*:*:*:*
cpe:2.3:a:ibm:db2_universal_database:8.1:*:aix:*:*:*:*:*

CVSS

Base:	5.0 (as of 17-10-2011 - 04:00)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

aixapar	IY79204
osvdb	29862
secunia	20579
vupen	ADV-2006-2332

Last major update

17-10-2011 - 04:00

Published

19-06-2006 - 10:02

Last modified

17-10-2011 - 04:00