Lucene search

Kaspersky LabKLA10133

HistoryDec 31, 2005 - 12:00 a.m.

KLA10133 ACE vulnerabilities in IBM DB2

2005-12-3100:00:00

Kaspersky Lab

threats.kaspersky.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

Low

EPSS

0.229

Percentile

96.6%

JSON

Multiple buffer overflows was found in the IBM DB2. By using this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited locally via a specially designed libname, environment variable or parameter.

Original advisories

Related products

DB2-Universal-Database

CVE list

CVE-2005-4863 high

CVE-2005-4864 high

CVE-2005-4865 critical

Solution

Update to latest version

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Affected Products

IBM DB2 Universal Database 7 all versionsIBM DB2 Universal Database 8 version 8.1

References

statistics.securelist.com/

threats.kaspersky.com/en/product/DB2-Universal-Database/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

Low

EPSS

0.229

Percentile

96.6%

JSON

Related for KLA10133