Mailing List Archive: About DB2 DoS (BID 3010)

About DB2 DoS (BID 3010)

Feb 6, 2002, 9:56 AM

Post #1 of 2 (638 views)

Some time ago, I sent db2_dos.nasl on this list.
A couple of remarks:
1. I confirm that there is a DoS against DB2 on WinNT (not on Unix, AFAIK)
Cf. http://www.securityfocus.com/bid/3010
2. You do not need db2_dos.nasl to "test" it,
unfortunately. find_service will kill the service before the script
run!

--
Michel Arboi
arboi@algoriel.fr Tél: +33 (0)145383607 Fax: +33 (0)145383620
Algoriel / 33, avenue du Maine / 75755 Paris Cedex 15 / France

Re: About DB2 DoS (BID 3010) [ In reply to ]

arboi at noos

Feb 6, 2002, 11:32 AM

Post #2 of 2 (592 views)

Permalink

Investigations going on...
The advisory is imprecise: sending one byte on port 6789 will not always
kill db2jds.exe (= DB2 JDBC Applet Server).
I did a few trials. db2jds may be killed by find_services,
db2_dos.nasl, or miscflood.nasl

So, you may run db2_dos.nasl, but if it does not kill DB2 does not
mean that you are not vulnerable.

Here is an enhanced (?) version of the script, but it does not seem to
be enough to kill the service anyway.

Mailing List Archive

Mailing List Archive

Attached Files: