=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2006/VULN585
_____________________________________________________________________

DATE                      : 22/12/2006

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running IBM DB2.

======================================================================

===========================================================================
              AUSCERT External Security Bulletin Redistribution

                     ESB-2006.0938 -- [Win][UNIX/Linux]
                IBM DB2 Remote DoS during CONNECT processing
                              21 December 2006

===========================================================================

         AusCERT Security Bulletin Summary
         ---------------------------------

Product:              IBM DB2 8.1 prior to FixPak 13
Publisher:            AppSecInc
Operating System:     AIX
                       HP-UX
                       Linux variants
                       Solaris
                       Windows
Impact:               Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CVE-2006-4257

Original Bulletin:
   http://www.appsecinc.com/resources/alerts/db2/2006-09-05.shtml

Comment: IBM have released patches correcting this vulnerability,
          available at:

          http://www-1.ibm.com/support/docview.wss?uid=swg24013114

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

IBM DB2 Remote DoS during CONNECT processing

AppSecInc Team SHATTER Security Advisory:
http://www.appsecinc.com/resources/alerts/db2/2006-09-05.shtml

Affected versions: All versions of IBM DB2 Database Server

Risk level: Medium

Credits: This vulnerability was discovered and researched by Vivek
Rathod of Application Security Inc.

Details:
When connecting to a remote DB2 instance, the version 7 client typically
sends a SQLJRA packet requesting start of the connection. If this SQLJRA
packet is specially crafted, it can cause a DoS attack by crashing the
DB2 instance. Altering a few bytes at specific offsets in the packet
exposes multiple NULL/invalid pointer dereference bugs in the server code.
For example, on Windows, if 0x00 is used at any of these offsets, the
sqle_db2ra_as_con_database function (from DB2ENGN.DLL) attempts to
access NULL or invalid memory locations, causing an unhandled access
violation (0xC0000005). This causes the DB2 instance to crash.

Impact:
Any remote unauthenticated attacker can crash the DB2 instance.

Vendor Status:
Vendor was contacted and a patch was released.

Fix:
To fix the problem apply the fixpak 13 for DB2 version 8.1 (same as 8.2 FP6)
http://www-306.ibm.com/software/data/db2/udb/support/downloadv8.html

Links:
Application Security, Inc advisory:
http://www.appsecinc.com/resources/alerts/db2/2006-09-05.shtml
IBM APAR: http://www-1.ibm.com/support/entdocview.wss?uid=swg1IY86917
Secunia Advisory: http://secunia.com/advisories/21550/
CVE Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4257

- - --
Application Security, Inc.
www.appsecinc.com
AppSecInc is the leading provider of database security solutions for the
enterprise. AppSecInc products proactively secure enterprise
applications at more than 300 organizations around the world by
discovering, assessing, and protecting the database against rapidly
changing security threats. By securing data at its source, we enable
organizations to more confidently extend their business with customers,
partners and suppliers. Our security experts, combined with our strong
support team, deliver up-to-date application safeguards that minimize
risk and eliminate its impact on business.


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFgFSm9EOAcmTuFN0RAs0uAKDD2JmnlktSvdZg/UdVtBZMcN8aMwCfR7AJ
toZoy4X4AWp5t8Ut7vvkj8U=
=tvlM
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

         http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

         http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                 AusCERT personnel answer during Queensland business hours
                 which are GMT+10:00 (AEST).
                 On call after hours for member emergencies only.
===========================================================================

======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================