CVE-2007-6052
Description
IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service (divide-by-zero error and DBMS crash), related to an "overflow." NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM DB2 UDB 9.1 before Fixpak 4 improperly handles vector aggregation, causing a divide-by-zero error that crashes the DBMS and results in a denial of service.
Vulnerability
IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, leading to a divide-by-zero error condition. The issue is related to an "overflow" and affects the database management system on Linux, UNIX, and Windows platforms [1]. The exact code path requires the execution of vector aggregation operations that trigger the flawed calculation.
Exploitation
An attacker can trigger the vulnerability by sending or causing the execution of a specially crafted vector aggregation query. No special privileges beyond normal database access are required; the attacker must be able to interact with the DBMS through SQL queries. The sequence involves invoking an aggregation operation that triggers the overflow and subsequent divide-by-zero error.
Impact
Successful exploitation causes a divide-by-zero error that leads to a DBMS crash, resulting in a denial of service. The integrity and confidentiality of data are not compromised, but availability is affected until the database is restarted.
Mitigation
IBM released Fixpak 4 for DB2 Version 9.1, which addresses the issue [1]. Users should apply the fix as soon as possible. There is no known workaround for unpatched versions.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 0
No patches discovered yet.
References: 4
News mentions: 0
No linked articles in our index yet.