Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4866

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2005-4866
Last Modified 05 Sep 2008 12:00:00
Published 31 Dec 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-4866

Summary

Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which causes a null terminator to be removed and leads to the overflow.

Vulnerable Systems

Application

  • Ibm Db2 Universal Database 7.0

  • Ibm Db2 Universal Database 7.1

  • Ibm Db2 Universal Database 7.2

  • Ibm Db2 Universal Database 8.0

  • Ibm Db2 Universal Database 8.1


References

BID - 11401

SECUNIA - 12733

XF - db2-jdbc-bo(17613)

MISC - http://www.nextgenss.com/advisories/db205012005D.txt

AIXAPAR - IY61492

BUGTRAQ - 20050105 IBM DB2 JDBC Applet Server buffer overflow (#NISR05012005D)


Last Updated: 27 May 2016 10:41:28