Denial of Service Vulnerability in DB2 Discovery Service

To determine if you should apply this patch, download AppDetective for DB2 from http://www.appsecinc.com/products/appdetective/db2/

Risk level: Low

Summary:
IBM DB2 provides a UDP service used as a discovery service for locating DB2 databases on the network. This UDP service shuts down when sent more than 20 bytes.

Details:
IBM DB2 is a database that provides many services. One of these services is a discovery service, which is used to locate a database when configuring a connection. This service listens on UDP port 523. It typically receives a packet such as "DB2GETADDR SQL07020". If a packet larger than 20 bytes is received by the server, the service will shut down. Once the discovery service crashes, the service "DB2 - DB2DAS00" must be restarted.

This issue is covered under the fix "IY47686: Search Discovery Listener Denial of Service Vulnerability".

Fix:
Apply FixPak 10a from IBM. This can be downloaded from the following location:
http://www-3.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/download.d2w/report

Regards,
Aaron

_______________________________
Aaron C. Newman
CTO/Founder
Application Security, Inc.
www.appsecinc.com
Phone: 212-420-9270
Fax: 212-420-9680
- Securing Business by Securing Enterprise Applications -

----------------------------------------------------------------------
Application Security, Inc.
www.appsecinc.com

AppSecInc is the pioneer in designing, developing, and managing application security solutions for the enterprise. AppSecInc products proactively secure enterprise applications by discovering, assessing, and protecting the database against rapidly changing security threats. We give organizations the confidence to extend business with customers, partners and suppliers across networks and the Internet.

Our security experts, combined with our strong support team, deliver the most up-to-date application safeguards to minimize risk and eliminate impact on business.
----------------------------------------------------------------------
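For teams that cannot apply the FixPak immediately, the advisory's details (UDP port 523, a normal request of the form "DB2GETADDR SQL07020", and a crash on any datagram over 20 bytes) are enough to write a detection rule. The following is an added example, not code from the advisory or from AppSecInc: a small classifier that flags datagrams to the discovery port whose payload exceeds the 20-byte limit. The additional "malformed" label for datagrams that do not start with the DB2GETADDR prefix is my own heuristic based on the sample packet quoted above, and the addresses and records are constructed for the example; in practice the records would come from a packet capture or a flow export.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

DB2_DISCOVERY_PORT = 523          # UDP port of the DB2 search-discovery listener
MAX_SAFE_PAYLOAD = 20             # advisory: datagrams larger than this crash the service
EXPECTED_PREFIX = b"DB2GETADDR"   # a normal discovery request starts with this token


@dataclass
class Datagram:
    """Minimal view of one UDP datagram: source address, destination port, payload."""
    src: str
    dst_port: int
    payload: bytes


def classify(dg: Datagram) -> Optional[str]:
    """Return a finding label for a suspicious discovery datagram, or None if benign."""
    if dg.dst_port != DB2_DISCOVERY_PORT:
        return None                      # not aimed at the discovery listener
    if len(dg.payload) > MAX_SAFE_PAYLOAD:
        return "oversized-db2-discovery"  # the condition the advisory describes
    if not dg.payload.startswith(EXPECTED_PREFIX):
        return "malformed-db2-discovery"  # heuristic: unexpected request format
    return None


def scan(datagrams: List[Datagram]) -> List[Tuple[str, str]]:
    """Run classify() over a batch and return (source, label) pairs for the hits."""
    return [(dg.src, label) for dg in datagrams if (label := classify(dg))]


# Constructed sample traffic (hypothetical addresses, not from the advisory).
SAMPLE = [
    Datagram("10.0.0.5", 523, b"DB2GETADDR SQL07020"),  # normal request, 19 bytes
    Datagram("10.0.0.9", 523, b"A" * 64),               # 64 bytes to port 523: flagged
    Datagram("10.0.0.7", 523, b"HELLO"),                # short but not a discovery request
    Datagram("10.0.0.5", 53, b"A" * 100),               # large, but not the DB2 port: ignored
]

if __name__ == "__main__":
    for src, label in scan(SAMPLE):
        print(f"{src}: {label}")
```

The size check alone is what matters for this advisory; the prefix check is cheap extra context for an analyst, since a legitimate client has no reason to send anything else to port 523.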