IBM DB2 Universal Database for Windows NT SQL DoS Vulnerability
BID:2067
Info
IBM DB2 Universal Database for Windows NT SQL DoS Vulnerability
| Bugtraq ID: | 2067 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2001-0052 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Dec 05 2000 12:00AM |
| Updated: | Jul 11 2009 03:56AM |
| Credit: | Posted to Bugtraq by Benjurry <[email protected]> on December 5, 2000. |
| Vulnerable: |
IBM DB2 Universal Database for Windows NT 7.1 IBM DB2 Universal Database for Windows NT 6.1 |
| Not Vulnerable: | |
Discussion
IBM DB2 Universal Database for Windows NT SQL DoS Vulnerability
IBM DB2 Universal Database is a distributed database application.
It may be possible for a database user to crash the server through a bug in handling certain queries. If a certain query is executed that contains a datetime type and varchar type, the server may cease to fucntion requiring a manual reset. The following example was submitted by Benjurry in their advisory:
connect reset;
connect to sample user db2admin using db2admin;
select * from employee where year(birthdate)=1999 and firstnme<'';
It is not known what the cause for this behaviour is. Restarting the application is required in order to regain normal functionality.
IBM DB2 Universal Database is a distributed database application.
It may be possible for a database user to crash the server through a bug in handling certain queries. If a certain query is executed that contains a datetime type and varchar type, the server may cease to fucntion requiring a manual reset. The following example was submitted by Benjurry in their advisory:
connect reset;
connect to sample user db2admin using db2admin;
select * from employee where year(birthdate)=1999 and firstnme<'';
It is not known what the cause for this behaviour is. Restarting the application is required in order to regain normal functionality.
References
IBM DB2 Universal Database for Windows NT SQL DoS Vulnerability
References:
References: