NVD Vulnerability Detail

CVE-2009-0172

Summary	Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of service (infinite loop) via a crafted CONNECT data stream.
Publication Date	Jan. 17, 2009, 6:30 a.m.
Registration Date	Jan. 29, 2021, 1:13 p.m.
Last Update	Aug. 8, 2017, 10:33 a.m.

CVSS2.0 : MEDIUM
Score	5.0
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ibm:db2_universal_database:9.1::aix:::::
cpe:2.3:a:ibm:db2_universal_database:9.1::hp-ux:::::
cpe:2.3:a:ibm:db2_universal_database:9.1::linux:::::
cpe:2.3:a:ibm:db2_universal_database:9.1::solaris:::::
cpe:2.3:a:ibm:db2_universal_database:9.1::windows:::::
cpe:2.3:a:ibm:db2_universal_database:9.1:fp2::::::
cpe:2.3:a:ibm:db2_universal_database:9.1:fp2:aix:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:fp2:hp-ux:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:fp2:linux:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:fp2:solaris:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:fp2:windows:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:fp3:aix:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:fp3:hp-ux:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:fp3:solaris:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:fp4::::::
cpe:2.3:a:ibm:db2_universal_database:9.1:fp4:aix:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:fp4:hp-ux:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:fp4:linux:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:fp4:windows:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:fp4a::::::
cpe:2.3:a:ibm:db2_universal_database:9.1:fp4a:hp-ux:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:fp4a:linux:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:fp4a:windows:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:ga::::::
cpe:2.3:a:ibm:db2_universal_database:9.5:::::::*
cpe:2.3:a:ibm:db2_universal_database:9.5::aix:::::
cpe:2.3:a:ibm:db2_universal_database:9.5::hp-ux:::::
cpe:2.3:a:ibm:db2_universal_database:9.5::linux:::::
cpe:2.3:a:ibm:db2_universal_database:9.5::solaris:::::
cpe:2.3:a:ibm:db2_universal_database:9.5::windows:::::
cpe:2.3:a:ibm:db2_universal_database:9.5:fp1:aix:::::*
cpe:2.3:a:ibm:db2_universal_database:9.5:fp1:hp-ux:::::*
cpe:2.3:a:ibm:db2_universal_database:9.5:fp1:linux:::::*
cpe:2.3:a:ibm:db2_universal_database:9.5:fp1:solaris:::::*
cpe:2.3:a:ibm:db2_universal_database:9.5:fp1:windows:::::*

Related information, measures and tools

No	URL	refsource	タグ
1	ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT	CONFIRM
2	ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT	CONFIRM
3	ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT	CONFIRM
4	http://secunia.com/advisories/33529	SECUNIA	Vendor Advisory
5	http://securitytracker.com/id?1021591	SECTRACK
6	http://www.securityfocus.com/bid/33258	BID	Patch
7	http://www.vupen.com/english/advisories/2009/0137	VUPEN
8	http://www-01.ibm.com/support/docview.wss?uid=swg1IZ37696	AIXAPAR
9	http://www-01.ibm.com/support/docview.wss?uid=swg21363936	CONFIRM	Patch Vendor Advisory
10	http://www-1.ibm.com/support/docview.wss?uid=swg1IZ36534	AIXAPAR	Patch Vendor Advisory
11	http://www-1.ibm.com/support/docview.wss?uid=swg1IZ37697	AIXAPAR	Patch Vendor Advisory
12	https://exchange.xforce.ibmcloud.com/vulnerabilities/47931	XF

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ibm:db2_universal_database:9.1::aix:::::
cpe:2.3:a:ibm:db2_universal_database:9.1::hp-ux:::::
cpe:2.3:a:ibm:db2_universal_database:9.1::linux:::::
cpe:2.3:a:ibm:db2_universal_database:9.1::solaris:::::
cpe:2.3:a:ibm:db2_universal_database:9.1::windows:::::
cpe:2.3:a:ibm:db2_universal_database:9.1:fp2::::::
cpe:2.3:a:ibm:db2_universal_database:9.1:fp2:aix:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:fp2:hp-ux:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:fp2:linux:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:fp2:solaris:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:fp2:windows:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:fp3:aix:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:fp3:hp-ux:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:fp3:solaris:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:fp4::::::
cpe:2.3:a:ibm:db2_universal_database:9.1:fp4:aix:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:fp4:hp-ux:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:fp4:linux:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:fp4:windows:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:fp4a::::::
cpe:2.3:a:ibm:db2_universal_database:9.1:fp4a:hp-ux:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:fp4a:linux:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:fp4a:windows:::::*
cpe:2.3:a:ibm:db2_universal_database:9.1:ga::::::
cpe:2.3:a:ibm:db2_universal_database:9.5:::::::*
cpe:2.3:a:ibm:db2_universal_database:9.5::aix:::::
cpe:2.3:a:ibm:db2_universal_database:9.5::hp-ux:::::
cpe:2.3:a:ibm:db2_universal_database:9.5::linux:::::
cpe:2.3:a:ibm:db2_universal_database:9.5::solaris:::::
cpe:2.3:a:ibm:db2_universal_database:9.5::windows:::::
cpe:2.3:a:ibm:db2_universal_database:9.5:fp1:aix:::::*
cpe:2.3:a:ibm:db2_universal_database:9.5:fp1:hp-ux:::::*
cpe:2.3:a:ibm:db2_universal_database:9.5:fp1:linux:::::*
cpe:2.3:a:ibm:db2_universal_database:9.5:fp1:solaris:::::*
cpe:2.3:a:ibm:db2_universal_database:9.5:fp1:windows:::::*