Title: IBM DB2 Universal Database for Windows NT SQL DoS Vulnerability
Severity: MODERATE
Description:
IBM DB2 Universal Database is a distributed database application.
It may be possible for a database user to crash the server through a bug in handling certain queries. If a certain query is executed that contains a datetime type and varchar type, the server may cease to fucntion requiring a manual reset. The following example was submitted by Benjurry in their advisory:
connect reset;
connect to sample user db2admin using db2admin;
select * from employee where year(birthdate)=1999 and firstnme<'';
It is not known what the cause for this behaviour is. Restarting the application is required in order to regain normal functionality.
Affected Products:
- IBM DB2 Universal Database for Windows NT 6.1.0
- IBM DB2 Universal Database for Windows NT 7.1.0
References:
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
