IBM DB2 Administration Server (DAS) Buffer Overflow Vulnerability

Summary
The host is running IBM DB2 and is prone to a buffer overflow vulnerability.
Impact
Successful exploitation allows remote users to cause a denial of service or execute arbitrary code. Impact Level: Application.
Solution
Upgrade to IBM DB2 version 9.1 FP10, 9.5 FP7, 9.7 FP3 or later: http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg27007053
Insight
The flaw is due to a boundary error in the 'receiveDASMessage()' function in 'db2dasrrm' and can be exploited to cause a heap-based buffer overflow via a specially crafted request sent to TCP port 524.
Affected
IBM DB2 version 9.1 before FP10, IBM DB2 version 9.5 before FP7 and IBM DB2 version 9.7 before FP3