DB: IBM DB2 Database Server SQL REPEAT Buffer Overflow
This signature detects attempts to exploit a known heap buffer overflow vulnerability in IBM's DB2 Database Server. It is due to an integer overflow that can occur when malicious input is processed by the REPEAT function. By sending a crafted SQL query to the target server an attacker can exploit this and execute arbitrary code.
Extended Description
IBM DB2 is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code with elevated privileges or crash the affected application. The issue affects the following: IBM DB2 versions prior to 9.1 Fix Pack 9 IBM DB2 9.7 Other versions may also be affected.
Affected Products
Ibm db2_universal_database
Short Name
DB:DB2:SQL-REPEAT-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
DB
Keywords
Buffer CVE-2010-0462 DB2 Database IBM Overflow REPEAT SQL Server bid:37976
Release Date
10/01/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
TCP/50000
False Positive
Unknown
Vendors
Ibm
CVSS Score
6.5