PT-2014-7098 · Ibm · Ibm Db2

Published

2014-12-12

·

Updated

2018-09-27

·

CVE-2014-6209

CVSS v2.0

4.0

Medium

VectorAV:N/AC:L/Au:S/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions IBM DB2 versions 9.5 through FP10 IBM DB2 versions 9.7 through FP10 IBM DB2 versions 9.8 through FP5 IBM DB2 versions 10.1 through FP4 IBM DB2 versions 10.5 before FP5
Description The issue allows remote authenticated users to cause a denial of service by specifying an identity column within a crafted ALTER TABLE statement, resulting in a daemon crash.
Recommendations For IBM DB2 versions 9.5 through FP10, update to a version after FP10 to resolve the issue. For IBM DB2 versions 9.7 through FP10, update to a version after FP10 to resolve the issue. For IBM DB2 versions 9.8 through FP5, update to a version after FP5 to resolve the issue. For IBM DB2 versions 10.1 through FP4, update to a version after FP4 to resolve the issue. For IBM DB2 versions 10.5 before FP5, update to a version FP5 or later to resolve the issue.

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2014-6209

Affected Products

Ibm Db2