header-logo
Suggest Exploit
vendor:
solidDB
by:
Luigi Auriemma
7,5
CVSS
HIGH
Denial of Service
399
CWE
Product Name: solidDB
Affected Version From: <= 6.5.0.3
Affected Version To: <= 6.5.0.3
Patch Exists: YES
Related CWE: N/A
CPE: a:ibm:solid_db
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: AIX, Linux, Solaris, Windows
2010

IBM solidDB Denial of Service

The solid.exe service listening on port 1315 can be crashed by an external attacker through a malformed type of packet. The bugged function is located at address 0063dc60 which is called recursively if the packet contains a particular value between the range of values 15001 and 15100 (switch 9). The effects of the problem can be: stack exaustion by using over 14000 of these values so that all the memory of the stack gets consumed by these recursive callings, NULL pointer due to the usage of only one of these values where an unused pointer (set to zero) is used in a comparison operation, invalid memory access by using also another type of value after those.

Mitigation:

Upgrade to version 6.5.0.4 or later.
Source

Exploit-DB raw data:

Source: http://aluigi.org/adv/soliddb_1-adv.txt
#######################################################################

                             Luigi Auriemma

Application:  IBM solidDB
              http://www-01.ibm.com/software/data/soliddb/
Versions:     <= 6.5.0.3
Platforms:    AIX, Linux, Solaris, Windows
Bug:          Denial of Service
Exploitation: remote, versus server
Date:         15 Oct 2010
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


"IBM solidDB product family features relational, in-memory database
technology that delivers extreme speed, performing up to ten times
faster than conventional, disk-based databases."


#######################################################################

======
2) Bug
======


The solid.exe service listening on port 1315 can be crashed by an
external attacker through a malformed type of packet.
The bugged function is located at address 0063dc60 which is called
recursively if the packet contains a particular value between the range
of values 15001 and 15100 (switch 9).
The effects of the problem can be:
- stack exaustion by using over 14000 of these values so that all the
  memory of the stack gets consumed by these recursive callings
- NULL pointer due to the usage of only one of these values where an
  unused pointer (set to zero) is used in a comparison operation
- invalid memory access by using also another type of value after those


#######################################################################

===========
3) The Code
===========


http://aluigi.org/poc/soliddb_1.zip
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/15261.zip

#######################################################################

======
4) Fix
======


No fix.


#######################################################################

Navigation

Suggest Exploit

Services By CQR