Summary
The host is running IBM DB2 and is prone to buffer overflow vulnerability.
Impact
Successful exploitation allows remote attackers to execute arbitrary code.
Impact Level: Application
Solution
Upgrade to IBM DB2 version 9.7 FP7 or later,
For updates refer, http://www-01.ibm.com/support/docview.wss?uid=swg24033685
******
NOTE : A special build with the interim fix will be made available for DB2 V9.5 FP10, V9.8 FP5 and V10.1 FP1.
******
Insight
The Stored Procedure (SP) infrastructure fails to properly sanitize user-supplied input when debugging stored procedures, which will result in a stack-based buffer overflow.
Affected
IBM DB2 versions 9.1, 9.5, 9.7 before FP7 and 10.1 on Windows
References
- http://osvdb.org/show/osvdb/86414
- http://secunia.com/advisories/50921/
- http://www-01.ibm.com/support/docview.wss?uid=swg21450666
- http://www-01.ibm.com/support/docview.wss?uid=swg21614536
- http://www-01.ibm.com/support/docview.wss?uid=swg24033685
- http://www-01.ibm.com/support/docview.wss?uid=swg27007053
- http://xforce.iss.net/xforce/xfdb/78817
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-4826 -
CVSS Base Score: 8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C
Related Vulnerabilities