Summary
Detail | | | |
---|---|---|---|
Vendor | IBM | First view | 2010-07-22 |
Product | solidDB | Last view | 2013-09-08 |
Version | 6.3.41 | Type | Application |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:ibm:soliddb | | |
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
3.5 | 2013-09-08 | CVE-2013-3031 | A SQL stored procedure in the Universal Cache component in IBM solidDB 6.0.x before 6.0.1070, 6.3.x before 6.3.0.56, 6.5.x before 6.5.0.12, and 7.0.x before 7.0.0.4 allows remote authenticated users to cause a denial of service (uninitialized-memory access and daemon crash) via a call that includes named arguments and default parameter values, but does not include all of the expected arguments. |
4 | 2012-02-21 | CVE-2012-0200 | The server in IBM solidDB 6.5 before Interim Fix 6 does not properly initialize data structures, which allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a redundant WHERE condition. |
4 | 2012-02-21 | CVE-2011-4890 | The server in IBM solidDB 6.5 before FP9 and 7.0 before FP1 allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a ROWNUM condition involving a subquery. |
5 | 2010-10-23 | CVE-2010-4057 | solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing many integer fields with two different values, which allows remote attackers to cause a denial of service (invalid memory access and daemon crash) via a TCP session on port 1315. |
5 | 2010-10-23 | CVE-2010-4056 | solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing a single integer field, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TCP session on port 1315. |
5 | 2010-10-23 | CVE-2010-4055 | Stack consumption vulnerability in solid.exe in IBM solidDB 6.5.0.3 and earlier allows remote attackers to cause a denial of service (memory consumption and daemon crash) by connecting to TCP port 1315 and sending a packet with many integer fields, which trigger many recursive calls of a certain function. |
10 | 2010-07-22 | CVE-2010-2771 | solid.exe in IBM solidDB before 6.5 FP2 allows remote attackers to execute arbitrary code via a long username field in the first handshake packet. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
20% (1) | CWE-399 | Resource Management Errors |
20% (1) | CWE-189 | Numeric Errors |
20% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
20% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
20% (1) | CWE-20 | Improper Input Validation |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
68938 | IBM solidDB solid.exe Packet Handling Memory Error Remote DoS |
68937 | IBM solidDB solid.exe Packet Handling NULL Dereference Remote DoS |
68936 | IBM solidDB solid.exe Packet Handling Recursive Function Remote DoS |
66382 | IBM solidDB solid.exe Handshake Request Username Field Arbitrary Remote Code ... |
OpenVAS Exploits
Date | Description |
---|---|
2011-04-11 | Name : IBM solidDB Packets Processing Denial of Service Vulnerabilities File : nvt/gb_ibm_soliddb_dos_vuln.nasl |
2010-10-19 | Name : IBM solidDB Multiple Denial of Service Vulnerabilities File : nvt/gb_ibm_soliddb_44158.nasl |
2010-07-21 | Name : IBM SolidDB 'solid.exe' Handshake Remote Code Execution Vulnerability File : nvt/gb_soliddb_41653.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2019-04-18 | IBM solidDB denial of service attempt RuleID : 49485 - Type : SERVER-OTHER - Revision : 1 |
2019-04-18 | IBM solidDB denial of service attempt RuleID : 49480 - Type : SERVER-OTHER - Revision : 1 |
2014-01-10 | IBM SolidDB redundant where clause DoS attempt RuleID : 23392 - Type : SERVER-OTHER - Revision : 7 |
2014-01-10 | IBM solidDB SELECT statement denial of service attempt RuleID : 23097 - Type : SERVER-OTHER - Revision : 8 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-05-08 | Name: The remote host has a database server installed that is affected by a remote ... File: soliddb_stored_procedure_dos.nasl - Type: ACT_GATHER_INFO |
2012-02-23 | Name: The remote database server is affected by multiple denial of service vulnerab... File: soliddb_6_5_0_8.nasl - Type: ACT_GATHER_INFO |
2012-02-23 | Name: The remote database server is affected by a denial of service vulnerability. File: soliddb_6_5_0_8_if6.nasl - Type: ACT_GATHER_INFO |
2012-02-03 | Name: The remote database server is affected by a denial of service vulnerability. File: soliddb_select_dos.nasl - Type: ACT_GATHER_INFO |