Computer Security
[EN] securityvulns.ru no-pyccku


IBM DB2 multiple security vulnerabilities
Published:22.09.2008
Source:
SecurityVulns ID:9303
Type:remote
Threat Level:
6/10
Description:XMLQUERY and XMLEXIST buffer overflow, CLR stored procedures privilege escalation and DoS.
Affected:IBM : DB2 9.1
 IBM : DB2 9.5
CVE:CVE-2008-3854 (Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 1 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE statements; and the (5) sqlrlaka function.)
 CVE-2008-3852 (Unspecified vulnerability in the CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio in the Visual Studio Net component in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 2 allows remote authenticated users to execute arbitrary code via unknown vectors.)
Original documentdocumentSHATTER, Team SHATTER Security Advisory: IBM DB2 UDB - Buffer overrun in XMLQUERY and XMLEXISTS (22.09.2008)
 documentSHATTER, Team SHATTER Security Advisory: Security Vulnerability in CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio (22.09.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod