TITLE:
IBM DB2 Content Manager Potential Denial of Service Vulnerabilities

SECUNIA ADVISORY ID:
SA17388

VERIFY ADVISORY:
http://secunia.com/advisories/17388/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
DB2 Content Manager 8.x
http://secunia.com/product/6083/

DESCRIPTION:
Some vulnerabilities have been reported in DB2 Content Manager, which potentially can be exploited by malicious users to cause a DoS (Denial of Service).

1) An error exists in the library server when creating a text index of an imported Excel file. This may be exploited by malicious users to cause the "db2fmp" process to consume a large amount of CPU resources by importing a malformed Excel file.

2) An unspecified error in the handling of LZH files on AIX may cause a crash in the INSO code.

Several other issues, which may be security related, have also been fixed.

SOLUTION:
Apply Content Manager Version 8.2 Fix Pack 10 (requires Fix Pack 8).
http://www-1.ibm.com/support/docview.wss?uid=swg24010789

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
IBM:
http://www-1.ibm.com/support/docview.wss?uid=swg1IO00737
http://www-1.ibm.com/support/docview.wss?uid=swg27005891&aid=3