'Critical' vulnerabilities in IBM's DB2

Bill Brenner

IBM Corp. has fixed vulnerabilities in its DB2 Universal Database, which an attacker could use to remotely trigger a buffer overflow.

London-based Next Generation Security (NGS) Software Ltd. discovered the "critical" vulnerabilities and said in an advisory it will wait three months before releasing full details on what the problems are and how exactly they can be exploited.

"Full details will be published on the 1st of December 2004," the company said in its advisory. "This three-month window will allow DB2 database administrators the time needed to test and apply the Fixpak before the details are released to the general public. This reflects NGSSoftware's new approach to responsible disclosure."

Two of the vulnerabilities, remotely exploitable buffer overflows, have been fixed in Fixpak 7 for DB2 8.1 and Fixpak 12 for DB2 7.x.

Specifically, the vulnerabilities affect DB2 8.1 Fixpak 6 and earlier, and DB2 7.x Fixpak 11 and earlier.
