SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Database)  >   IBM DB2 Vendors:   IBM
IBM DB2 Scalar Function Bug Lets Remote Authenticated Users Deny Service
SecurityTracker Alert ID:  1033063
SecurityTracker URL:  http://securitytracker.com/id/1033063
CVE Reference:   CVE-2015-1935   (Links to External Site)
Date:  Jul 24 2015
Impact:   Denial of service via network, Execution of arbitrary code via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.5, 9.7, 9.8, 10.1, 10.5
Description:   A vulnerability was reported in IBM DB2. A remote authenticated user can cause denial of service conditions on the target system.

A remote authenticated user can run a specially crafted SQL statement that invokes certain scalar functions to cause the target DB2 server to execute arbitrary code with the privileges of the DB2 process or cause denial of service conditions.

David Litchfield reported this vulnerability.

Impact:   A remote authenticated user can execute arbitrary code with the privileges of the DB2 process or cause denial of service conditions.
Solution:   The vendor has issued a fix.

9.7: APAR IT08668
9.8: APAR IT08667
10.1 FP5: APAR IT08543
10.5: APAR IT08656

The vendor's advisory is available at:

http://www-01.ibm.com/support/docview.wss?uid=swg21902661

Vendor URL:  www-01.ibm.com/support/docview.wss?uid=swg21902661 (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 28 2015 (IBM Issues Fix for IBM InfoSphere BigInsights) IBM DB2 Scalar Function Bug Lets Remote Authenticated Users Deny Service
IBM has issued a fix for IBM InfoSphere BigInsights.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC