IBM DB2 'REPEAT()' Heap Buffer Overflow Vulnerability Network Vulnerability

Summary

The host is installed with IBM DB2 and is prone to Buffer Overflow vulnerability.

Impact

Successful exploitation will allow attacker to execute arbitrary code with elevated privileges or crash the affected application. Impact Level: System/Application

Solution

Upgrade to IBM DB2 version 9.1 FP9 or 9.5 FP6 or 9.7 FP2 or later. For updates refer to, http://www-01.ibm.com/software/data/db2/express/download.html

Insight

The flaw is due to error in 'REPEAT()' function when processing SELECT statement that has a long column name generated.

Affected

IBM DB2 version 9.1 before FP9, 9.5 before FP6, 9.7 before FP2.

References

http://intevydis.blogspot.com/2010/01/ibm-db2-97-heap-overflow.html
http://securitytracker.com/alerts/2010/Jan/1023509.html

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-0462

CVSS	Base Score: 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P

Related Vulnerabilities

PostgreSQL 'RESET ALL' Unauthorized Access Vulnerability
Oracle MySQL Multiple Unspecified vulnerabilities - 03 May14 (Windows)
Oracle Database 'XML DB component' Unspecified vulnerability
IBM DB2 XML Feature DoS and CREATE VARIABLE Security Bypass Vulnerabilities
Oracle MySQL Multiple Unspecified vulnerabilities-04 Oct14 (Windows)

Take action and discover your vulnerabilities