IBM.DB2.Universal.Database.XML.Query.Buffer.Overflow

Description

This indicates an attack attempt against a buffer-overflow vulnerability in the IBM DB2 Universal Database application. The vulnerability is caused by an error when the dynamic library DB2ENGN.dll handles a specially crafted XMLQUERY function call. It allows a remote attacker to execute arbitrary code.

Affected Products

IBM DB2 Universal Database for Windows 9.1 FixPak 4a
IBM DB2 Universal Database for Windows 9.1 FixPak 4
IBM DB2 Universal Database for Windows 9.1 FixPak 3
IBM DB2 Universal Database for Windows 9.1 FixPack 2
IBM DB2 Universal Database for Windows 9.1
IBM DB2 Universal Database for Solaris 9.1 FixPak 4a
IBM DB2 Universal Database for Solaris 9.1 FixPak 4
IBM DB2 Universal Database for Solaris 9.1 FixPak 3
IBM DB2 Universal Database for Solaris 9.1 FixPack 2
IBM DB2 Universal Database for Solaris 9.1
IBM DB2 Universal Database for Linux 9.1 FixPak 4a
IBM DB2 Universal Database for Linux 9.1 FixPak 4
IBM DB2 Universal Database for Linux 9.1 FixPak 3
IBM DB2 Universal Database for Linux 9.1 FixPack 2
IBM DB2 Universal Database for Linux 9.1
IBM DB2 Universal Database for HP-UX 9.1 FixPak 4a
IBM DB2 Universal Database for HP-UX 9.1 FixPak 4
IBM DB2 Universal Database for HP-UX 9.1 FixPak 3
IBM DB2 Universal Database for HP-UX 9.1 FixPack 2
IBM DB2 Universal Database for HP-UX 9.1
IBM DB2 Universal Database for AIX 9.1 FixPak 4a
IBM DB2 Universal Database for AIX 9.1 FixPak 4
IBM DB2 Universal Database for AIX 9.1 FixPak 3
IBM DB2 Universal Database for AIX 9.1 FixPack 2
IBM DB2 Universal Database for AIX 9.1

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the patch, available from the web site:
IBM DB2 9.1, Apply Fix Pack 5:
IBM DB2 9.5, Apply Fix Pack 1:

Coverage

IPS (Regular DB)
IPS (Extended DB)