Summary
The host is running IBM DB2 and is prone to a buffer overflow vulnerability.
Impact
Successful exploitation allows remote users to cause a denial of service or execute arbitrary code.
Impact Level: Application.
Solution
Upgrade to IBM DB2 version 9.1 FP10, 9.5 FP7, 9.7 FP3 or later: http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg27007053
Insight
The flaw is due to a boundary error in the 'receiveDASMessage()' function in 'db2dasrrm' and can be exploited to cause a heap-based buffer overflow via a specially crafted request sent to TCP port 524.
Affected
- IBM DB2 version 9.1 before FP10
- IBM DB2 version 9.5 before FP7
- IBM DB2 version 9.7 before FP3
References
Severity
Classification
- CVE: CVE-2011-0731
- CVSS Base Score: 7.5
- CVSS Base Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- IBM DB2 SQL/PSM Stored Procedure Debugging Buffer Overflow Vulnerability (Linux)
- Oracle MySQL Multiple Unspecified vulnerabilities-02 Oct14 (Windows)
- Oracle Database Server Multiple Unspecified Vulnerabilities - April 06
- Oracle Database Server Multiple Vulnerabilities - July 06
- IBM SolidDB 'solid.exe' Handshake Remote Code Execution Vulnerability