Summary
The host is running IBM DB2 and is prone to buffer overflow vulnerability.
Impact
Successful exploitation allows remote users to cause denial of service or execution of abritrary code.
Impact Level: Application.
Solution
Upgrade to IBM DB2 version 9.1 FP10, 9.5 FP7, 9.7 FP3 or later, http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg27007053
Insight
The flaw is due to a boundary error in the 'receiveDASMessage()' function in 'db2dasrrm' and can be exploited to cause a heap-based buffer overflow via a specially crafted request sent to TCP port 524.
Affected
IBM DB2 version 9.1 before FP10,
IBM DB2 version 9.5 before FP7 and
IBM DB2 version 9.7 before FP3
References
Severity
Classification
-
CVE CVE-2011-0731 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Oracle MySQL Multiple Unspecified vulnerabilities-01 Feb15 (Windows)
- Oracle Database Server Multiple Unspecified Vulnerabilities - April 06
- MySQL 5.5.20 Unspecified Remote Code Execution Vulnerability
- IBM DB2 SQL/PSM Stored Procedure Debugging Buffer Overflow Vulnerability (Windows)
- IBM DB2 Audit Facility Local Privilege Escalation Vulnerability (Linux)