ID CVE-2008-3958
Summary IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an incomplete fix for CVE-2008-3959.
http://secunia.com/advisories/31787 Some vulnerabilities have been reported in DB2, where some have an unknown impact and others can be exploited by malicious users to perform certain actions with escalated privileges, and by malicious people to cause a DoS or potentially compromise a vulnerable system.
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:db2:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.0:fp10:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.0:fp11:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.0:fp12:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.0:fp13:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.0:fp14:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.0:fp15:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:*:fp16:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.0:fp2:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.0:fp3:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.0:fp4:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.0:fp5:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.0:fp6:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.0:fp6a:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.0:fp6b:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.0:fp6c:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.0:fp7:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.0:fp7a:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.0:fp7b:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.0:fp8:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.0:fp8a:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.0:fp9:*:*:*:*:*:*
  • cpe:2.3:a:ibm:db2:8.0:fp9a:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 08-08-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
aixapar IZ08134
bid 31058
confirm ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT
osvdb 48144
secunia 31787
xf ibm-db2-connect-attach-dos1(45133)
Last major update 08-08-2017 - 01:32
Published 11-09-2008 - 01:13
Last modified 08-08-2017 - 01:32