Databases : IBM Db2 Administration Server (DAS) Buffer Overflow Vulnerability

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.801589

Category: Databases

Title: IBM Db2 Administration Server (DAS) Buffer Overflow Vulnerability

Summary: IBM Db2 is prone to a buffer overflow vulnerability.

Description: Summary:
IBM Db2 is prone to a buffer overflow vulnerability.

Vulnerability Insight:
The flaw is due to a boundary error in the 'receiveDASMessage()' function in
'db2dasrrm' and can be exploited to cause a heap-based buffer overflow via a specially crafted request sent to
TCP port 524.

Vulnerability Impact:
Successful exploitation allows remote users to cause denial of service or
execution of arbitrary code.

Affected Software/OS:
IBM Db2 version 9.1 before FP10, version 9.5 before FP7 and version 9.7
before FP3.

Solution:
Upgrade to IBM Db2 version 9.1 FP10, 9.5 FP7, 9.7 FP3 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-0731
AIX APAR: IC71203
http://www-01.ibm.com/support/docview.wss?uid=swg1IC71203
AIX APAR: IC72028
http://www-01.ibm.com/support/docview.wss?uid=swg1IC72028
AIX APAR: IC72029
http://www-01.ibm.com/support/docview.wss?uid=swg1IC72029
BugTraq ID: 46052
http://www.securityfocus.com/bid/46052
http://www.osvdb.org/70683
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14699
http://secunia.com/advisories/43059

Copyright Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.801589
Category:	Databases
Title:	IBM Db2 Administration Server (DAS) Buffer Overflow Vulnerability
Summary:	IBM Db2 is prone to a buffer overflow vulnerability.
Description:	Summary: IBM Db2 is prone to a buffer overflow vulnerability. Vulnerability Insight: The flaw is due to a boundary error in the 'receiveDASMessage()' function in 'db2dasrrm' and can be exploited to cause a heap-based buffer overflow via a specially crafted request sent to TCP port 524. Vulnerability Impact: Successful exploitation allows remote users to cause denial of service or execution of arbitrary code. Affected Software/OS: IBM Db2 version 9.1 before FP10, version 9.5 before FP7 and version 9.7 before FP3. Solution: Upgrade to IBM Db2 version 9.1 FP10, 9.5 FP7, 9.7 FP3 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0731 AIX APAR: IC71203 http://www-01.ibm.com/support/docview.wss?uid=swg1IC71203 AIX APAR: IC72028 http://www-01.ibm.com/support/docview.wss?uid=swg1IC72028 AIX APAR: IC72029 http://www-01.ibm.com/support/docview.wss?uid=swg1IC72029 BugTraq ID: 46052 http://www.securityfocus.com/bid/46052 http://www.osvdb.org/70683 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14699 http://secunia.com/advisories/43059
Copyright	Copyright (C) 2011 Greenbone AG