IBM DB2 SQL/PSM Stored Procedure Debugging Buffer Overflow Vulnerability (Linux) Network Vulnerability

Summary

The host is running IBM DB2 and is prone to buffer overflow vulnerability.

Impact

Successful exploitation allows remote attackers to execute arbitrary code. Impact Level: Application

Solution

Upgrade to IBM DB2 version 9.7 FP7 or later, For updates refer, http://www-01.ibm.com/support/docview.wss?uid=swg24033685 ****** NOTE : A special build with the interim fix will be made available for DB2 V9.5 FP10, V9.8 FP5 and V10.1 FP1. ******

Insight

The Stored Procedure (SP) infrastructure fails to properly sanitize user-supplied input when debugging stored procedures, which will result in a stack-based buffer overflow.

Affected

IBM DB2 versions 9.1, 9.5, 9.7 before FP7, 9.8 and 10.1 on Linux NOTE : Ignore the security hole if IBM DB2 pureScale Feature on IBM DB2 version 9.8 is not installed.

References

http://osvdb.org/show/osvdb/86414
http://secunia.com/advisories/50921/
http://www-01.ibm.com/support/docview.wss?uid=swg21450666
http://www-01.ibm.com/support/docview.wss?uid=swg21614536
http://www-01.ibm.com/support/docview.wss?uid=swg24033685
http://www-01.ibm.com/support/docview.wss?uid=swg27007053
http://xforce.iss.net/xforce/xfdb/78817

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-4826
CVSS Base Score: 8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C

Related Vulnerabilities

PostgreSQL Multiple Security Vulnerabilities
Sybase SQL Blank Password
IBM DB2 Multiple Unspecified Vulnerabilities (Linux)
IBM DB2 Multiple Vulnerabilities (Sep10)
Oracle MySQL Multiple Unspecified vulnerabilities-02 Oct14 (Windows)

Take action and discover your vulnerabilities