
'Critical' vulnerabilities in IBM's DB2

Vulnerabilities in IBM's DB2 include remotely exploitable buffer overflows and have been fixed for versions 8.1 and 7.x.

IBM Corp. has fixed vulnerabilities in its DB2 Universal Database, which an attacker could use to remotely trigger a buffer overflow.

London-based Next Generation Security (NGS) Software Ltd. discovered the "critical" vulnerabilities and said in an advisory it will wait three months before releasing full details on what the problems are and how exactly they can be exploited.

"Full details will be published on the 1st of December 2004," the company said in its advisory. "This three-month window will allow DB2 database administrators the time needed to test and apply the Fixpak before the details are released to the general public. This reflects NGSSoftware's new approach to responsible disclosure."

Two of the vulnerabilities, remotely exploitable buffer overflows, have been fixed in Fixpak 7 for DB2 8.1 and Fixpak 12 for DB2 7.x.

Specifically, the vulnerabilities affect DB2 8.1 Fixpak 6 and earlier, and DB2 7.x Fixpak 11 and earlier.
