'Critical' vulnerabilities in IBM's DB2

Vulnerabilities in IBM's DB2 include remotely exploitable buffer overflows and have been fixed for versions 8.1 and 7.x.

IBM Corp. has fixed vulnerabilities in its DB2 Universal Database, which an attacker could use to remotely trigger a buffer overflow.

London-based Next Generation Security (NGS) Software Ltd. discovered the "critical" vulnerabilities and said in an advisory it will wait three months before releasing full details on what the problems are and how exactly they can be exploited.

"Full details will be published on the 1st of December 2004," the company said in its advisory. "This three-month window will allow DB2 database administrators the time needed to test and apply the Fixpak before the details are released to the general public. This reflects NGSSoftware's new approach to responsible disclosure."

Two of the vulnerabilities, remotely exploitable buffer overflows, have been fixed in Fixpak 7 for DB2 8.1 and Fixpak 12 for DB2 7.x.

Specifically, the vulnerabilities affect DB2 8.1 Fixpak 6 and earlier, and DB2 7.x Fixpak 11 and earlier.
