CVE-2010-3740:db2: The Net Search Extender (NSE) implementation in the...

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-3740

db2: The Net Search Extender (NSE) implementation in the...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3740

Original

The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the db2ext.textSearch function.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-10-05

Source Information Category:

Advisory, Alert

Last Updated:

2010-10-06

Affected Product Tags

cpe:/a:ibm:db2:9.5

cpe:/a:ibm:db2:9.5:fp1

cpe:/a:ibm:db2:9.5:fp2

cpe:/a:ibm:db2:9.5:fp2a

cpe:/a:ibm:db2:9.5:fp3

cpe:/a:ibm:db2:9.5:fp3a

cpe:/a:ibm:db2:9.5:fp3b

cpe:/a:ibm:db2:9.5:fp4

cpe:/a:ibm:db2:9.5:fp4a

cpe:/a:ibm:db2:9.5:fp5

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

AIXAPAR IC66613

CONFIRM ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT

Vulnerability Type Resource Management Errors (CWE-399)