IBM DB2 Administration Server Remote Vulnerability Fixed

IBM has released a fix for a buffer overflow vulnerability in its DB2 Administration Server (DAS).

The following versions are vulnerable:
DB2 9.1 prior to Fix Pack 10
DB2 9.5 prior to Fix Pack 6
DB2 9.7 prior to Fix Pack 3

UPDATE 11 Feb 2011 - Commercial exploit code now exists for this vulnerability.

References:
[9.1] – https://www-304.ibm.com/support/docview.wss?uid=swg1IC69986
[9.5] – https://www-304.ibm.com/support/docview.wss?uid=swg1IC70538
[9.7] – https://www-304.ibm.com/support/docview.wss?uid=swg1IC70539

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter (free enterprise vulnerability alert feed): twitter.com/patchmanagement
