Bloomberg Comdb2 Denial-of-Service Vulnerability in Distributed Transaction Commit/Abort Operation
Vulnerability
A denial-of-service vulnerability has been identified in Bloomberg Comdb2 version 8.1. The issue arises in the Distributed Transaction Commit/Abort Operation functionality, where a specially crafted network packet can lead to a denial-of-service condition. An attacker can exploit this vulnerability by sending a malicious packet to the database.
Impact
Exploiting this vulnerability causes the Comdb2 process to terminate abruptly, leading to a denial-of-service condition where the database service becomes unavailable.
Reproduction
The vulnerability can be reproduced by sending a 'COMMIT' operation packet followed immediately by an 'ABORT' operation packet, using the same transaction ID. This can be done manually or with a proof-of-concept tool that automates the process.
Remediation
Users are advised to update to the patched version of Bloomberg Comdb2, which is available through the Bloomberg software update channels.
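A defender-side check for the sequence described under Reproduction, added here as an example and not taken from Comdb2 or from this advisory: it scans decoded protocol events for a COMMIT followed within a short window by an ABORT on the same transaction ID. The event line format, field names, sample data and the one-second window are assumptions, since the page does not describe Comdb2's wire format.

```python
from collections import namedtuple

# Hypothetical decoded-event record; the page does not describe Comdb2's wire format.
Event = namedtuple("Event", "ts src op txn_id")
WINDOW_SECONDS = 1.0  # assumption: how close counts as "followed immediately"

# Constructed sample input, e.g. from a protocol-aware sensor or proxy log.
SAMPLE = """\
ts=100.000 src=10.0.0.5 op=COMMIT txn=dist-7f3a
ts=100.004 src=10.0.0.5 op=ABORT txn=dist-7f3a
ts=101.200 src=10.0.0.9 op=COMMIT txn=dist-81bc
ts=140.000 src=10.0.0.9 op=ABORT txn=dist-9999
ts=150.000 src=10.0.0.7 op=COMMIT txn=dist-a001
ts=190.000 src=10.0.0.7 op=ABORT txn=dist-a001
garbage line
"""

def parse_event(line):
    """Parse 'ts=<float> src=<addr> op=<OP> txn=<id>'; return None if malformed."""
    try:
        f = dict(tok.split("=", 1) for tok in line.split())
        return Event(float(f["ts"]), f["src"], f["op"].upper(), f["txn"])
    except (KeyError, ValueError):
        return None

def load_events(text):
    """Parse every line, silently skipping ones that do not decode."""
    return [ev for ev in map(parse_event, text.splitlines()) if ev is not None]

def find_commit_then_abort(events, window=WINDOW_SECONDS):
    """Return (commit, abort) pairs sharing a txn ID, ABORT within `window` s of COMMIT."""
    pending = {}  # txn_id -> most recent COMMIT event
    hits = []
    for ev in sorted(events, key=lambda e: e.ts):
        # Drop COMMITs older than the window so state stays bounded.
        for txn in [t for t, c in pending.items() if ev.ts - c.ts > window]:
            del pending[txn]
        if ev.op == "COMMIT":
            pending[ev.txn_id] = ev
        elif ev.op == "ABORT":
            commit = pending.pop(ev.txn_id, None)
            if commit is not None:
                hits.append((commit, ev))
    return hits

if __name__ == "__main__":
    for commit, abort in find_commit_then_abort(load_events(SAMPLE)):
        print(f"ALERT txn={abort.txn_id} COMMIT from {commit.src} at {commit.ts}, "
              f"ABORT from {abort.src} at {abort.ts}")
```

Matching is keyed on the transaction ID alone, so a pair is still flagged when the two packets arrive from different source addresses.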
