IBM DB2 - 'REPEAT' Heap Buffer Overflow Vulnerability

2010-01-27T00:00:00
ID EDB-ID:33572
Type exploitdb
Reporter Evgeny Legerov
Modified 2010-01-27T00:00:00

Description

IBM DB2 'REPEAT()' Heap Buffer Overflow Vulnerability. CVE-2010-0462. Local exploit for unix platform

                                        
                                            source: http://www.securityfocus.com/bid/37976/info

IBM DB2 is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code with elevated privileges or crash the affected application.

The issue affects the following:

IBM DB2 versions prior to 9.1 Fix Pack 9
IBM DB2 9.7

Other versions may also be affected. 

SELECT REPEAT(REPEAT('1',1000),1073741825) FROM SYSIBM.SYSDUMMY1