fkie_nvd - fkie_cve-2008-3959

fkie_cve-2008-3959

Vulnerability from fkie_nvd

Published

2008-09-11 01:13

Modified

2025-04-09 00:30

Severity ?

Summary

IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/29022
cve@mitre.org	http://www-1.ibm.com/support/docview.wss?uid=swg1IZ05043	Patch
cve@mitre.org	http://www.appsecinc.com/resources/alerts/db2/2008-01.shtml
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/45134
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29022
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?uid=swg1IZ05043	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.appsecinc.com/resources/alerts/db2/2008-01.shtml
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/45134

Impacted products

Vendor	Product	Version
ibm	db2	*
ibm	db2	*
ibm	db2	8.1
ibm	db2	8.1
ibm	db2	8.1
ibm	db2	8.1
ibm	db2	8.1
ibm	db2	8.1
ibm	db2	8.1
ibm	db2	8.1
ibm	db2	8.1
ibm	db2	8.1
ibm	db2	8.1
ibm	db2	8.1
ibm	db2	8.1
ibm	db2	8.1
ibm	db2	8.2
ibm	db2	8.2
ibm	db2	8.2
ibm	db2	8.2
ibm	db2	8.2
ibm	db2	8.2
ibm	db2	8.2
ibm	db2	8.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:db2:*:fp15:*:*:*:*:*:*",
              "matchCriteriaId": "512B9F94-00CE-4479-B3EA-91D74097CB61",
              "versionEndIncluding": "8.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:*:fp8:*:*:*:*:*:*",
              "matchCriteriaId": "7FC6A358-2290-4E14-B4FE-05195992C05D",
              "versionEndIncluding": "8.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1:fp1:*:*:*:*:*:*",
              "matchCriteriaId": "2418C923-2F94-4FAF-A9BD-D1C436308C3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1:fp10:*:*:*:*:*:*",
              "matchCriteriaId": "18D59696-A477-4397-BC14-4EF69DAFA262",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1:fp11:*:*:*:*:*:*",
              "matchCriteriaId": "BBABCAC8-0E04-44FC-BF1A-88CACB28E644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1:fp12:*:*:*:*:*:*",
              "matchCriteriaId": "AC318EEC-AFE5-4070-8711-B6560143CF9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1:fp13:*:*:*:*:*:*",
              "matchCriteriaId": "5F02B3A6-F771-4F6A-A1E8-5E3EC1080272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1:fp14:*:*:*:*:*:*",
              "matchCriteriaId": "DCF379F0-6D58-47A9-849E-C48D13496C87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1:fp2:*:*:*:*:*:*",
              "matchCriteriaId": "8AEBA7BD-E897-438E-8DD5-7AB5490AB931",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1:fp3:*:*:*:*:*:*",
              "matchCriteriaId": "BAA746B2-AC20-49D3-B8C6-655C268CB253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1:fp4:*:*:*:*:*:*",
              "matchCriteriaId": "0FEC5C8E-9B3E-457F-8871-1EB172DBA7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1:fp5:*:*:*:*:*:*",
              "matchCriteriaId": "AC4145E1-A805-4E64-904C-03B0B13BADBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1:fp6:*:*:*:*:*:*",
              "matchCriteriaId": "281B0499-11FD-4B99-B402-B44B609469E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1:fp7:*:*:*:*:*:*",
              "matchCriteriaId": "385C934A-4374-491C-8A61-EBCC5E72AF24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1:fp8:*:*:*:*:*:*",
              "matchCriteriaId": "286E4585-57F7-428D-B9C2-63B33FA2BF5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.1:fp9:*:*:*:*:*:*",
              "matchCriteriaId": "E89ACCE1-873B-4C4A-A64B-F344F96C2C6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D7ACC0-4CF4-4B60-902C-C47DFCD097A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.2:fp1:*:*:*:*:*:*",
              "matchCriteriaId": "55ABF9A3-7776-4C0B-A6CC-45955E42DA1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.2:fp2:*:*:*:*:*:*",
              "matchCriteriaId": "9DF77950-22DE-4BA2-A10F-10953F6119E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.2:fp3:*:*:*:*:*:*",
              "matchCriteriaId": "57F66472-61EC-4467-ACF6-2893BF9E4050",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.2:fp4:*:*:*:*:*:*",
              "matchCriteriaId": "403EF6EC-9EEF-40F1-BA5C-F6211AADC9A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.2:fp5:*:*:*:*:*:*",
              "matchCriteriaId": "2CE8E119-58C7-4BF0-9C74-93F44E4FC732",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.2:fp6:*:*:*:*:*:*",
              "matchCriteriaId": "2F16D689-D091-47AA-96EC-6B419D4A6CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:8.2:fp7:*:*:*:*:*:*",
              "matchCriteriaId": "AAEFCEBE-4CBC-4301-BEC6-9D9C9C3E0539",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request."
    },
    {
      "lang": "es",
      "value": "IBM DB2 UDB 8.1 anterior FixPak 16, y v8.2 anterior al FixPak 9, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de instancia) a trav\u00e9s de un flujo de datos CONNECT/ATTACH manipulado que simula una petici\u00f3n cliente connect/attach V7."
    }
  ],
  "id": "CVE-2008-3959",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-09-11T01:13:47.557",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29022"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ05043"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.appsecinc.com/resources/alerts/db2/2008-01.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45134"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ05043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.appsecinc.com/resources/alerts/db2/2008-01.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45134"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2008-3959 (GCVE-0-2008-3959)

Vulnerability from cvelistv5

Published

2008-09-09 14:00