VID 25101
Severity 40
Port 523
Protocol TCP
Class DB2
Detailed Description According to its version, the installation of DB2 9.5 on the remote host is older than Fix Pack 7. Such versions are affected by the following vulnerability:

- The 'db2dasrrm' component included with such versions fails to perform sufficient bounds checks on user-supplied input, which an attacker could leverage to overflow a buffer, potentially resulting in arbitrary code execution on the remote system. (IC72028)

* References:
http://www.zerodayinitiative.com/advisories/ZDI-11-036/
http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0586.html
https://www-01.ibm.com/support/docview.wss?uid=swg1IC72028
https://www-304.ibm.com/support/docview.wss?uid=swg21293566#7

* Platforms Affected:
IBM DB2 UDB versions 9.5 FixPack 7
Microsoft Windows Any version
Sun Microsystems, Inc., Solaris SPARC and x86
Hewlett-Packard Company, HP-UX 11i
Linux Any version
IBM AIX 4.0 and 5L
Recommendation For DB2 Universal Database 9.5:
Apply the latest IBM DB2 Universal Database Fix Pack (9.5 FixPack 7 or later), available from the IBM Support & downloads Web site at https://www-304.ibm.com/support/docview.wss?uid=swg21293566#7
Related URL CVE-2011-0731 (CVE)
Related URL 46052 (SecurityFocus)
Related URL (ISS)