|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA12436] DB2 Multiple Unspecified Vulnerabilities
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Thu Sep 02 2004 - 12:20:38 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
DB2 Multiple Unspecified Vulnerabilities
SECUNIA ADVISORY ID:
SA12436
VERIFY ADVISORY:
http://secunia.com/advisories/12436/
CRITICAL:
Moderately critical
IMPACT:
Unknown, System access
WHERE:
From local network
SOFTWARE:
DB2 Universal Database 7.x
http://secunia.com/product/858/
DB2 Universal Database 8.x
http://secunia.com/product/857/
DESCRIPTION:
NGSSoftware has reported multiple unspecified vulnerabilities in DB2
Universal Database, allowing malicious people to compromise a
vulnerable system.
Two of the vulnerabilities are caused due to boundary errors, which
can be exploited to execute arbitrary code. There are also some other
unspecified errors with an unknown impact.
The vulnerabilities have been reported in the following versions:
* DB2 8.1 Fixpak 6 and prior
* DB2 7.x Fixpak 11 and prior
Further details will reportedly be published 1st of December 2004.
SOLUTION:
The vendor has issued fixpaks, which address the two buffer overflow
vulnerabilities.
Fixpak 7 for DB2 8.1:
http://www-306.ibm.com/software/data/db2/udb/support/downloadv8.html
Fixpak 12 for DB2 7.x:
http://www-306.ibm.com/software/data/db2/udb/support/downloadv7.html
- DB2
Restrict access to the database.
PROVIDED AND/OR DISCOVERED BY:
NGSSoftware
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]