IBM DB2 'REPEAT()' Heap Buffer Overflow Vulnerability Network Vulnerability

Summary

The host is installed with IBM DB2 and is prone to Buffer Overflow vulnerability.

Impact

Successful exploitation will allow attacker to execute arbitrary code with elevated privileges or crash the affected application. Impact Level: System/Application

Solution

Upgrade to IBM DB2 version 9.1 FP9 or 9.5 FP6 or 9.7 FP2 or later. For updates refer to, http://www-01.ibm.com/software/data/db2/express/download.html

Insight

The flaw is due to error in 'REPEAT()' function when processing SELECT statement that has a long column name generated.

Affected

IBM DB2 version 9.1 before FP9, 9.5 before FP6, 9.7 before FP2.

References

http://intevydis.blogspot.com/2010/01/ibm-db2-97-heap-overflow.html
http://securitytracker.com/alerts/2010/Jan/1023509.html

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-0462
CVSS Base Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

Related Vulnerabilities

IBM DB2 OLAP Specification Query Denial of Service Vulnerability
Oracle MySQL Multiple Unspecified vulnerabilities - 01 May14 (Windows)
Oracle MySQL Multiple Unspecified vulnerabilities - 01 Jan14 (Windows)
MySQL UNINSTALL PLUGIN Security Bypass Vulnerability
IBM DB2 db2pd Denial Of Service Vulnerability (Linux)

Take action and discover your vulnerabilities