Imperva Discovers Critical Denial of Service Vulnerability in IBM DB2 Database; Application Defense Center Identifies Disturbing Trend in Database Communications Protocol Flaws

Business Wire, Sept 6, 2006

Imperva--

WHO:    Imperva Application Defense Center (ADC)

WHAT:   Discovered and reported to IBM a severe vulnerability in the
        implementation of DB2 version 8's client-server protocol
        called DRDA, which is used to exchange information and
        commands between clients and servers. By exploiting the flaw,
        any attacker with basic access credentials to the database
        server can take it down. Since this is a database
        communication protocol level vulnerability, attacks elude
        DB2's built-in auditing mechanism. Database communications
        protocol vulnerabilities are on the rise. In the two most
        recent FixPaks issued by IBM, four of the seven security flaws
        fixed have been protocol level holes. Meanwhile, half of the
        vulnerabilities addressed in the latest Oracle quarterly patch
        were protocol flaws. For more details on why these database
        communications protocol vulnerabilities are increasing see the
        Imperva Security Advisory listed below.

WHERE:  The Imperva Security Advisory is available at:

        http://www.imperva.com/application_defense_center/papers/ibm-dbms-09052006.html
        (Due to its length, this URL may need to be copied/pasted into
        your Internet browser's address field.)

        IBM DB2 UDB Version 8.1 FixPak 13, as well as the Authorized
        Program Analysis Report (APAR) which lists this and all
        software defects in FixPak 13, are located at:
        http://www-1.ibm.com/support/docview.wss?uid=swg24013114

WHEN:   IBM released APAR IY87211 on August 14, 2006.

HOW:    ADC conducts ongoing research into database security issues,
        and discovered this vulnerability as part of its inspection of
        database access protocols. ADC's research findings are applied
        immediately, and in advance of vendor fixes, to enhance the
        SecureSphere product line with next generation attack
        detection and protection features for its customers worldwide.

About Imperva

Imperva is the leader in data security for the data center. The award-winning SecureSphere product line provides data security, auditing, and regulatory compliance for sensitive financial and identity data in corporate data centers. SecureSphere monitors and audits database activity as well as protects databases against insider abuse and external data theft via web applications. Deployment requires no changes to existing infrastructure and no manual tuning. Imperva SecureSphere is deployed in leading financial, healthcare, and retail organizations around the globe. Led by Shlomo Kramer, a Check Point Software Technologies founder, Imperva is privately funded by Accel Partners, Greylock Partners, US Venture Partners, and Venrock Associates.

COPYRIGHT 2006 Business Wire
COPYRIGHT 2008 Gale, Cengage Learning

Content provided in partnership with Thompson Gale