Short Name | DB:DB2:SQL-REPEAT-OF |
---|---|
Severity | Major |
Recommended | No |
Recommended Action | Drop |
Category | DB |
Keywords | IBM DB2 Database Server SQL REPEAT Buffer Overflow |
Release Date | 2010/10/01 |
Update Number | 1784 |
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects attempts to exploit a known heap buffer overflow vulnerability in IBM's DB2 Database Server. The vulnerability is due to an integer overflow that can occur when malicious input is processed by the REPEAT function. By sending a crafted SQL query to the target server, an attacker can exploit this and execute arbitrary code.

IBM DB2 is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code with elevated privileges or crash the affected application. The issue affects the following: IBM DB2 versions prior to 9.1 Fix Pack 9; IBM DB2 9.7. Other versions may also be affected.