CVE-2024-31882
📋 TL;DR
IBM Db2 databases running versions 11.1 or 11.5 on Linux, UNIX, or Windows are vulnerable to a denial of service attack. An authenticated user can crash the server by executing a specially crafted SQL statement, but only when specific non-default configurations are enabled. This affects Db2 for Linux, UNIX and Windows and Db2 Connect Server.
💻 Affected Systems
- IBM Db2 for Linux, UNIX and Windows
- IBM Db2 Connect Server
📦 What is this software?
Db2 by IBM
⚠️ Risk & Real-World Impact
Worst Case
Malicious authenticated user causes complete Db2 server crash, disrupting all database services until manual restart.
Likely Case
Accidental or intentional DoS by authorized users with SQL access in non-default configurations, causing temporary service disruption.
If Mitigated
Limited impact with proper access controls and default configurations, potentially no exploitation surface.
🎯 Exploit Status
Requires authenticated database access and specific non-default configurations to be enabled.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply fixes from IBM security bulletin - see vendor advisory for specific fix packs
Vendor Advisory: https://www.ibm.com/support/pages/node/7165338
Restart Required: Yes
Instructions:
1. Review the IBM advisory for the fix packs applicable to your Db2 version.
2. Apply the recommended fix pack for your Db2 version.
3. Restart Db2 services.
4. Verify the fix is applied.
🔧 Temporary Workarounds
Restrict SQL statement execution
Limit which users can execute arbitrary SQL statements through database permissions and access controls.
-- Use Db2 GRANT/REVOKE statements to restrict SQL execution privileges
-- Example (placeholders for the routine and user): REVOKE EXECUTE ON PROCEDURE schema_name.procedure_name FROM USER user_name RESTRICT
Review and revert non-default configurations
Identify and disable any non-default configurations that make the system vulnerable.
-- Check current Db2 configuration: db2 get dbm cfg
-- Review database configuration settings for non-default values
🧯 If You Can't Patch
- Implement strict access controls to limit which users can execute SQL statements
- Monitor for unusual SQL patterns and implement rate limiting on database connections
🔍 How to Verify
Check if Vulnerable:
Check Db2 version and compare against affected versions (11.1 or 11.5). Review configuration to identify non-default settings.
Check Version:
Run db2level on the Db2 server, or query: SELECT SERVICE_LEVEL, FIXPACK_NUM FROM SYSIBMADM.ENV_INST_INFO
Verify Fix Applied:
Verify applied fix pack version matches or exceeds IBM's recommended version in the security advisory.
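An added example (not from IBM or this advisory) of turning the version check above into a repeatable assessment: it parses SERVICE_LEVEL strings as returned by SYSIBMADM.ENV_INST_INFO, flags instances on the 11.1 and 11.5 releases the advisory names, and compares them against a patched level. The four-part "DB2 v11.5.8.0" format is an assumption about the SERVICE_LEVEL column; the patched level itself is not on this page, so it is a placeholder the operator fills in from the IBM bulletin.

```python
import re
from typing import NamedTuple, Optional

# Releases the advisory names as affected: Db2 11.1 and 11.5.
AFFECTED_RELEASES = {(11, 1), (11, 5)}


class Db2Level(NamedTuple):
    """Four-part Db2 level, comparable as a plain tuple (major, minor, mod, fixpack)."""
    major: int
    minor: int
    mod: int
    fixpack: int


# SERVICE_LEVEL values are assumed to look like "DB2 v11.5.8.0" (format taken from
# SYSIBMADM.ENV_INST_INFO / db2level output; confirm against your own instance).
_LEVEL_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_service_level(text: str) -> Optional[Db2Level]:
    """Extract the numeric level from a SERVICE_LEVEL string; None if no level is present."""
    m = _LEVEL_RE.search(text)
    if m is None:
        return None
    return Db2Level(*(int(g) for g in m.groups()))


def assess(service_level: str, fixed_level: Optional[Db2Level] = None) -> str:
    """Classify one instance against the advisory.

    fixed_level is the minimum patched level for the instance's release, taken
    from the IBM bulletin. It is NOT stated on this page, so the caller supplies
    it; None means "affected release, consult the advisory for the fix pack".
    """
    level = parse_service_level(service_level)
    if level is None:
        return "unparseable"
    if (level.major, level.minor) not in AFFECTED_RELEASES:
        return "release-not-listed"
    if fixed_level is None:
        return "affected-release-check-advisory"
    if (level.major, level.minor) != (fixed_level.major, fixed_level.minor):
        return "fixed-level-is-for-other-release"
    return "patched" if level >= fixed_level else "needs-fix-pack"


if __name__ == "__main__":
    # Constructed sample rows, as if read from
    # SELECT SERVICE_LEVEL, FIXPACK_NUM FROM SYSIBMADM.ENV_INST_INFO
    sample_rows = ["DB2 v11.5.8.0", "DB2 v11.1.4.7", "DB2 v10.5.0.11"]
    # PLACEHOLDER: replace None with the fix pack level from the IBM bulletin,
    # e.g. Db2Level(11, 5, <mod>, <fixpack>) for an 11.5 instance.
    fixed_level = None
    for row in sample_rows:
        print(f"{row:16} -> {assess(row, fixed_level)}")
```

Because the release check and the fix-pack comparison are separate steps, the script is useful even before the exact patched level is known: it narrows a fleet to the 11.1 and 11.5 instances that need the advisory consulted, and the comparison is enabled simply by filling in fixed_level.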
📡 Detection & Monitoring
Log Indicators:
- Db2 crash logs (db2diag.log)
- Unexpected server restarts
- SQL statements causing abnormal termination
Network Indicators:
- Sudden drop in database connections
- Failed connection attempts after server crash
SIEM Query:
source="db2diag.log" AND ("crash" OR "abnormal termination" OR "segmentation fault")
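An added example (not from IBM or this advisory) that applies the log indicators above to db2diag.log content: it groups the file into records, matches the same three terms the SIEM query uses, keeps the record's timestamp and LEVEL for triage, and marks a crash finding when a later record reports a restart. The record layout (a timestamp header followed by PID/MESSAGE lines) is assumed from db2diag.log conventions, and the embedded sample log is constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Iterable, Iterator, List

# Indicator terms from the SIEM query above, matched case-insensitively.
INDICATORS = ("crash", "abnormal termination", "segmentation fault")

# A db2diag.log record is assumed to start with a timestamp such as
# 2024-05-01-10.47.33.654321+000 followed by "LEVEL: <severity>".
_RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2}-\d{2}\.\d{2}\.\d{2}\.\d+[+-]\d+")
_LEVEL = re.compile(r"LEVEL:\s*(\w+)")


@dataclass
class Finding:
    timestamp: str
    level: str
    indicator: str
    excerpt: str
    followed_by_restart: bool = False


def split_records(lines: Iterable[str]) -> Iterator[List[str]]:
    """Group raw lines into records, each beginning at a timestamp header line."""
    record: List[str] = []
    for line in lines:
        line = line.rstrip("\n")
        if _RECORD_START.match(line) and record:
            yield record
            record = []
        record.append(line)
    if record:
        yield record


def scan_db2diag(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per record containing an indicator term.

    If a later record mentions a restart, the most recent finding is flagged,
    covering the 'unexpected server restarts' indicator listed above.
    """
    findings: List[Finding] = []
    for record in split_records(lines):
        header = record[0]
        timestamp = header.split()[0]
        lm = _LEVEL.search(header)
        level = lm.group(1) if lm else "Unknown"
        lowered = [text.lower() for text in record]
        if findings and any("restart" in text for text in lowered):
            findings[-1].followed_by_restart = True
        for ind in INDICATORS:
            hit = next((raw.strip() for raw, low in zip(record, lowered) if ind in low), None)
            if hit is not None:
                findings.append(Finding(timestamp, level, ind, hit))
                break  # one finding per record, even if several terms match
    return findings


# Constructed sample in db2diag.log style (not a real capture).
SAMPLE_DB2DIAG = """\
2024-05-01-10.15.02.123456+000 I1000E500 LEVEL: Info
PID : 12345 TID : 1 PROC : db2sysc 0
MESSAGE : Started database manager.

2024-05-01-10.47.33.654321+000 E2000E800 LEVEL: Severe
PID : 12345 TID : 7 PROC : db2sysc 0
INSTANCE: db2inst1 NODE : 000 DB : SAMPLE
MESSAGE : Abnormal termination of database manager detected.

2024-05-01-10.47.35.000001+000 I3000E400 LEVEL: Info
PID : 12346 TID : 1 PROC : db2sysc 0
MESSAGE : Database manager restarted.
"""


if __name__ == "__main__":
    for f in scan_db2diag(SAMPLE_DB2DIAG.splitlines()):
        restart = " (restart followed)" if f.followed_by_restart else ""
        print(f"{f.timestamp} {f.level:8} {f.indicator}: {f.excerpt}{restart}")
```

The SIEM query matches individual lines, which is enough to alert on a MESSAGE line but loses the LEVEL and timestamp that live on the record header; grouping by record keeps that context, and the restart flag lets an analyst separate a single crash-and-recover event from repeated crashes worth escalating.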