No Credentials Necessary

June 19, 2006

[From eWeek]

Security researchers have uncovered a critical client/server protocol flaw in IBM's DB2 database.

Imperva's Application Defense Center reported on June 12 that it had discovered the vulnerability in DB2 Version 8. The flaw allows attackers with network access to the database server to bring the server down or to run arbitrary code.

In addition, because this is a network-level flaw, attacks slip by DB2's built-in auditing mechanism.

