Vigil@nce: IBM DB2, denial of service of Tivoli Monitoring
February 2010 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can send a malicious message to IBM Tivoli Monitoring
for DB2, in order to stop it.
Severity: 2/4
Consequences: denial of service of service
Provenance: intranet client
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: unique source (2/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 02/02/2010
IMPACTED PRODUCTS
– IBM DB2 UDB
DESCRIPTION OF THE VULNERABILITY
The IBM Tivoli Monitoring for DB2 product can be installed with
IBM DB2.
It enables the "kuddb2" service, which listens on the port 6014.
However, an attacker can send 5 special characters to this
service, which generates a segmentation error.
An attacker can therefore send a malicious message to IBM Tivoli
Monitoring for DB2, in order to stop it.
CHARACTERISTICS
Identifiers: BID-38018, VIGILANCE-VUL-9399
http://vigilance.fr/vulnerability/IBM-DB2-denial-of-service-of-Tivoli-Monitoring-9399