Vigil@nce - IBM DB2: denial of service via STMM
October 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can create a denial of service when the STMM feature
is enabled in IBM DB2.
Severity: 1/4
Creation date: 28/10/2011
IMPACTED PRODUCTS
– IBM DB2 UDB
DESCRIPTION OF THE VULNERABILITY
The STMM (Self Tuning Memory Manager) feature is used to
automatically configure memory resources for the database:
– INSTANCE_MEMORY
– DATABASE_MEMORY
– etc.
An attacker can create a denial of service when the STMM feature
is enabled in IBM DB2, and when DATABASE_MEMORY is set to
AUTOMATIC.
Technical details are unknown, but the vulnerability could be due
to excessive memory consumption.
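To see whether a database matches the two conditions named above, the configuration text can be checked as in the following added example, which is not part of the Vigil@nce bulletin or of IBM's tooling. It assumes the plain "(PARAMETER) = value" layout printed by `db2 get db cfg` and that STMM is reported under the SELF_TUNING_MEM parameter; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bulletin): report whether a database's
# configuration matches the two conditions the bulletin names.

# Print the value of "(PARAM) = value" found in the text on stdin.
cfg_value() {
    sed -n "s/^.*($1)[[:space:]]*=[[:space:]]*//p" | sed 's/[[:space:]]*$//' | head -n 1
}

# Read `db2 get db cfg` text on stdin and print one verdict:
#   MATCH    - STMM is on and DATABASE_MEMORY is AUTOMATIC
#   NO_MATCH - at least one condition does not hold
#   UNKNOWN  - a parameter was not found in the input
stmm_check() {
    cfg=$(cat)
    stmm=$(printf '%s\n' "$cfg" | cfg_value SELF_TUNING_MEM)
    dbmem=$(printf '%s\n' "$cfg" | cfg_value DATABASE_MEMORY)
    if [ -z "$stmm" ] || [ -z "$dbmem" ]; then
        echo UNKNOWN
        return 0
    fi
    case "$stmm" in
        ON*) ;;                       # value begins with ON
        *) echo NO_MATCH; return 0 ;;
    esac
    case "$dbmem" in
        AUTOMATIC*) echo MATCH ;;     # e.g. "AUTOMATIC(262144)"
        *) echo NO_MATCH ;;           # fixed page count or other setting
    esac
}

# Constructed sample, laid out like `db2 get db cfg` output.
sample_cfg() {
    cat <<'EOF'
 Self tuning memory                    (SELF_TUNING_MEM) = ON
 Size of database shared memory (4KB)  (DATABASE_MEMORY) = AUTOMATIC(262144)
EOF
}

sample_cfg | stmm_check
# On a live system: db2 get db cfg for <dbname> | stmm_check
```

A MATCH verdict only means the database is in the configuration the bulletin describes; the bulletin gives no further technical details.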
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/IBM-DB2-denial-of-service-via-STMM-11109