#VU17 DRDA Processing flaw vulnerability


Published: 2016-06-22 | Updated: 2016-07-30

Vulnerability identifier: #VU17

Vulnerability risk: Low

CVSSv3.1: 3.8 [AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-0211

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause the target service to crash.

A remote authenticated attacker can cause the DB2 service to crash by sending a specially crafted DRDA message to vulnerable server.

Successful exploitation of this vulnerability may result in crash of vulnerable service.

Mitigation

IBM has issued fixes for the following versions:

External links
http://www-304.ibm.com/support/docview.wss?uid=swg21979984

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Denial of service in IBM DB2 LUW