IBM Solid Database 6.5 < 6.5.0.8 Multiple Denial of Service Vulnerabilities

medium Nessus Network Monitor Plugin ID 6340

Synopsis

The remote database server is vulnerable to a denial of service attack.

Description

The remote host is running IBM solidDB.

Versions of solidDB 6.5 earlier than 6.5.0.8 are potentially affected by multiple denial of service vulnerabilities:

- Sending packets with many integer fields can trigger several recursive calls of a certain function, causing excessive stack memory consumption. (CVE-2010-4055, IC80074)

- Receiving a packet containing only a single integer field can cause a NULL pointer dereference, crashing the daemon. (CVE-2010-4056, IC80075)

- Receiving a packet with many different integer fields containing two different values can cause an invalid memory access and a daemon crash. (CVE-2010-4057, IC80076)

Solution

Upgrade to solidDB 6.5.0.8 or later.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg27021052#fp8

Plugin Details

Severity: Medium

ID: 6340

Family: Database

Published: 2/23/2012

Updated: 3/6/2019

Nessus ID: 58105

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:ibm:soliddb

Patch Publication Date: 12/5/2011

Vulnerability Publication Date: 10/25/2010

Reference Information

CVE: CVE-2010-4055, CVE-2010-4056, CVE-2010-4057

BID: 44158