| CVE ID | |
| CVSS SCORE | 9.0, AV:N/AC:L/Au:N/C:P/I:P/A:C |
| AFFECTED VENDORS |
IBM |
| AFFECTED PRODUCTS |
DB2 Universal Database |
| VULNERABILITY DETAILS |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM DB2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the db2dasrrm process responsible for handling queries to the com.ibm.db2.das.core.DasSysCmd function. While processing a request, the username supplied is copied into a fixed-length stack buffer. By providing a large enough string the copy operation can overflow leading to remote code execution. |
| ADDITIONAL DETAILS |
https://www-304.ibm.com/support/docview.wss?uid=swg21426108 v9.1 fp10 v9.5 fp6 v9.7 fp3 |
| DISCLOSURE TIMELINE |
|
| CREDIT | Intevydis http://intevydis.com |
