|
Denial of Service Vulnerability in Discovery September 18, 2003 Risk level: Low Summary:
IBM DB2 provides a UDP service used as a discovery service for locating DB2databases on the network. This UDP service shuts down when sent more than 20bytes. Details:
IBM DB2 is a database that provides many services. One of these services is a discovery service. This is used to locate a service when configuring a connection. This service listens on UDP port 523.
This service typically receives a packet such as "DB2GETADDR SQL07020". If a packet larger than 20 bytes is received by the server, the service will shutdown.
Once the discovery service crashes, the service "DB2 - DB2DAS00" must be restarted.
This issue is cover under the fix "IY47686: Search Discovery Listener Denial of Service Vulnerability".
Fix:
Apply FixPak 10a from IBM. This can be downloaded from the following location:
http://www-3.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/download.d2w/report
|
