Summary
The host is installed with IBM DB2 and is prone to buffer overflow and TLS renegotiation vulnerabilities.
Impact
Successful exploitation will allow an attacker to cause a denial of service or to bypass security restrictions.
Impact Level: System/Application
Solution
Update IBM DB2 9.1 to FP9.
For updates refer to http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg27007053
Insight
The flaws are due to:
- Buffer overflow error within the scalar function 'REPEAT', which could allow malicious users to cause a vulnerable server to crash.
- An error in the 'TLS' implementation while handling session 're-negotiations' which can be exploited to insert arbitrary plaintext into an existing TLS session via Man-in-the-Middle (MitM) attacks.
Affected
IBM DB2 version 9.1 prior to FP9
References
Severity
CVSS Base Score: 4.0
CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Classification
CVE: CVE-2010-1560
Related Vulnerabilities
- IBM DB2 Client Interfaces component Unspecified Vulnerabilities (Win)
- CouchDB Message Digest Verification Security Bypass Vulnerability
- MySQL mysqlhotcopy script insecure temporary file
- Oracle MySQL Multiple Unspecified vulnerabilities - 04 Jan14 (Windows)
- MySQL MyISAM Table Privileges Security Bypass Vulnerability