Home > In the News > Imperva Discovers Critical Denial of Service Vulnerability in IBM DB2 Database

Press Release

Sep 6, 2006

Imperva Discovers Critical Denial of Service Vulnerability in IBM DB2 Database

Press Release

Sep 6, 2006

Application Defense Center Identifies Disturbing Trend in Database Communications Protocol Flaws

WHO:

Imperva Application Defense Center (ADC)

WHAT:

Discovered and reported to IBM a severe vulnerability in the implementation of DB2 version 8’s client-server protocol called DRDA, which is used to exchange information and commands between clients and servers. By exploiting the flaw, any attacker with basic access credentials to the database server can take it down. Since this is a database communication protocol level vulnerability, attacks elude DB2’s built-in auditing mechanism. Database communications protocol vulnerabilities are on the rise. In the two most recent FixPaks issued by IBM, four of the seven security flaws fixed have been protocol level holes. Meanwhile, half of the vulnerabilities addressed in the latest Oracle quarterly patch were protocol flaws. For more details on why these database communications protocol vulnerabilities are increasing see the Imperva Security Advisory listed below.

WHERE:

The Imperva Security Advisory is available at:http://www.imperva.com/resources/adc/adc_advisories.html
IBM DB2 UDB Version 8.1 FixPak 13, as well as the Authorized Program Analysis Report (APAR) which lists this and all software defects in FixPak 13, are located at: http://www-1.ibm.com/support/docview.wss?uid=swg24013114

WHEN:

IBM released APAR IY87211 on August 14, 2006.

HOW:

ADC conducts ongoing research into database security issues, and discovered this vulnerability as part of its inspection of database access protocols. ADC’s research findings are applied immediately, and in advance of vendor fixes, to enhance the SecureSphere product line with next generation attack detection and protection features for its customers worldwide.

About Imperva

Imperva is the leader in application data security and compliance. Leading enterprise and government organizations worldwide rely on Imperva to prevent data theft and abuse, and ensure data integrity. The company’s SecureSphere products provide data governance and protection solutions that monitor, audit and secure business applications and databases. For more information, visit www.imperva.com

# # #

Imperva and SecureSphere are trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.

Editorial Contact

Marc Gendron
(781) 237-0341
marc@mqpr.net

Press Contact

impervaPR@imperva.com

This is for media inquiries only. For product and sales, please call: +1.866.926.4678.

Contact PR

The importance of a resilient CDN for digital performance

Imperva named a security leader in the SecureIQlab CyberRisk Report

IDC Spotlight: Effective Multicloud Data Security

Global DDoS Threat Landscape Report

The State of Security within eCommerce 2022

Imperva reimagines partner program: Imperva Accelerate

Protect your Cloudera data with Imperva

Quálitas continues its quality services using Imperva Application Security

Discovery Inc. tackles data compliance in public cloud

New Vulnerability in Popular Widget Shows Risks of Third-Party Code

Cyber Threat Index

Browse the Imperva Learning Center for the latest cybersecurity topics

Imperva ESG Reports