Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3958

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-3958
Last Modified 12 Aug 2009 01:19:40
Published 10 Sep 2008 09:13:47
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3958

Summary

IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an incomplete fix for CVE-2008-3959.

Vulnerable Systems

Application

  • Ibm Db2 8.0


References

XF - ibm-db2-connect-attach-dos1(45133)

BID - 31058

AIXAPAR - IZ08134

SECUNIA - 31787

OSVDB - 48144

CONFIRM - ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT


Last Updated: 27 May 2016 10:48:22