• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: IBM DB2 Stored Procedure Interface Library Name Buffer Overflow Vulnerability

Severity: CRITICAL

Description:

A remotely exploitable buffer overflow exists in IBM DB2. This issue is due to insufficient bounds checking of library names passed to the stored procedure interface.

IBM DB2 allows users to directly load a library and execute a function in the following manner:

call libname!function

It is reported that this issue can be exploited by supplying a long libname, which is copied into sensitive process buffers causing memory regions adjacent to the destination to be overrun with the superfluous data. This will result in memory corruption that could be leveraged to control execution flow of the program.

Successful exploitation may allow a user to gain control of the DB2 service or the DB2 UDB process and execute arbitrary code with elevated privileges. A user would have to have a database connection in order to exploit this vulnerability though SQL injection vulnerabilities in database-driven applications may provide an attack vector. It is also reported that the 'CREATE WRAPPERS' functionality uses identical code as 'CALL' and can be used to exploit this vulnerability as well.

This is likely one of the issues announced in BIDs 11089 and 11327. It is now being assigned its own BID since the vendor has provided additional technical information.

Affected Products:

• IBM DB2 Universal Database for AIX 7.0.0
• IBM DB2 Universal Database for AIX 7.1.0
• IBM DB2 Universal Database for AIX 7.2.0
• IBM DB2 Universal Database for AIX 8.0.0
• IBM DB2 Universal Database for AIX 8.1.0
• IBM DB2 Universal Database for HP-UX 7.0.0
• IBM DB2 Universal Database for HP-UX 7.1.0
• IBM DB2 Universal Database for HP-UX 7.2.0
• IBM DB2 Universal Database for HP-UX 8.0.0
• IBM DB2 Universal Database for HP-UX 8.1.0
• IBM DB2 Universal Database for Linux 7.0.0
• IBM DB2 Universal Database for Linux 7.1.0
• IBM DB2 Universal Database for Linux 7.2.0
• IBM DB2 Universal Database for Linux 8.0.0
• IBM DB2 Universal Database for Linux 8.1.0
• IBM DB2 Universal Database for Solaris 7.0.0
• IBM DB2 Universal Database for Solaris 7.1.0
• IBM DB2 Universal Database for Solaris 7.2.0
• IBM DB2 Universal Database for Solaris 8.0.0
• IBM DB2 Universal Database for Solaris 8.1.0
• IBM DB2 Universal Database for Windows 7.1.0
• IBM DB2 Universal Database for Windows 7.2.0
• IBM DB2 Universal Database for Windows 8.0.0
• IBM DB2 Universal Database for Windows 8.1.0

References:

• IBM: APARs included in DB2 UDB Version 8 FixPak 6a and FixPak 7a
• IBM: DB2 V8 FixPaks 6 and 7 replaced with FixPaks 6a and 7a
• IBM: IBM responds to DB2 UDB security vulnerability reports

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.