Summary
The host is running IBM DB2 and is prone to a buffer overflow vulnerability.
Impact
Successful exploitation allows remote attackers to execute arbitrary code.
Impact Level: Application
Solution
Upgrade to IBM DB2 version 9.7 FP7 or later.
For updates refer to http://www-01.ibm.com/support/docview.wss?uid=swg24033685
******
NOTE: A special build with the interim fix will be made available for DB2 V9.5 FP10, V9.8 FP5 and V10.1 FP1.
******
Insight
The Stored Procedure (SP) infrastructure fails to properly sanitize user-supplied input when debugging stored procedures, which results in a stack-based buffer overflow.
Affected
IBM DB2 versions 9.1, 9.5, 9.7 before FP7, 9.8 and 10.1 on Linux
NOTE: Ignore this issue on IBM DB2 version 9.8 if the IBM DB2 pureScale Feature is not installed.
References
- http://osvdb.org/show/osvdb/86414
- http://secunia.com/advisories/50921/
- http://www-01.ibm.com/support/docview.wss?uid=swg21450666
- http://www-01.ibm.com/support/docview.wss?uid=swg21614536
- http://www-01.ibm.com/support/docview.wss?uid=swg24033685
- http://www-01.ibm.com/support/docview.wss?uid=swg27007053
- http://xforce.iss.net/xforce/xfdb/78817
Updated on 2015-03-25
Severity
CVSS Base Score: 8.5
CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Classification
CVE: CVE-2012-4826