PT-2011-2950 · Ibm · Soliddb

Published

2011-04-26

Updated

2017-08-17

CVE-2011-1208

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions IBM solidDB versions 4.5.x through 4.5.181 IBM solidDB versions 6.0.x through 6.0.1068 IBM solidDB versions 6.1.x through 6.3.48 IBM solidDB versions 6.3.x through 6.3.48 IBM solidDB versions 6.5.x through 6.5.0.3

Description The issue arises from improper handling of the rpc test svc readwrite and rpc test svc done commands, allowing remote attackers to cause a denial of service via a crafted command, resulting in a NULL pointer dereference and daemon crash.

Recommendations For IBM solidDB versions 4.5.x, update to version 4.5.182 or later. For IBM solidDB versions 6.0.x, update to version 6.0.1069 or later. For IBM solidDB versions 6.1.x and 6.3.x, update to version 6.3 FP8 (aka 6.3.49) or later. For IBM solidDB versions 6.5.x, update to version 6.5 FP4 (aka 6.5.0.4) or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2011-1208

ZDI-11-142

Affected Products

Soliddb

PT-2011-2950 · Ibm · Soliddb

CVE-2011-1208

Related Identifiers

Affected Products

References · 9