Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.8
CVE Id CVE-2008-3854
Last Modified 06 Sep 2011 12:00:00
Published 28 Aug 2008 01:41:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3854

Summary

Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 1 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE statements; and the (5) sqlrlaka function.

Vulnerable Systems

Application

  • IBM DB2 Universal Database 9.1

  • IBM DB2 Universal Database 9.5


References

XF - ibm-db2-multiple-bo(42935)

XF - ibm-db2-sqlrlaka-bo(42930)

BID - 29601

CONFIRM - http://www-1.ibm.com/support/docview.wss?uid=swg21255607

AIXAPAR - IZ18434

AIXAPAR - IZ16346

SECUNIA - 30558

VUPEN - ADV-2008-1769

BUGTRAQ - 20080916 Team SHATTER Security Advisory: IBM DB2 UDB - Buffer overrun in XMLQUERY and XMLEXISTS

AIXAPAR - IZ18431


Last Updated: 27 May 2016 10:48:19