IBM Corp. has fixed vulnerabilities in its DB2 Universal Database, which an attacker could use to remotely trigger...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
a buffer overflow.
London-based Next Generation Security (NGS) Software Ltd. discovered the "critical" vulnerabilities and said in an advisory it will wait three months before releasing full details on what the problems are and how exactly they can be exploited.
"Full details will be published on the 1st of December 2004," the company said in its advisory. "This three-month window will allow DB2 database administrators the time needed to test and apply the Fixpak before the details are released to the general public. This reflects NGSSoftware's new approach to responsible disclosure."
Specifically, the vulnerabilities affect DB2 8.1 Fixpak 6 and earlier, and DB2 7.x Fixpak 11 and earlier.