4 matches found
Security Bulletin: Buffer Overflow Vulnerability in IBM DB2 Java Stored Procedure Infrastructure (CVE-2012-2197).
Abstract: Vulnerability in IBM DB2 could allow an authenticated user to cause a stack-based buffer overflow and possibly attain remote code execution. Content: VULNERABILITY DETAILS. CVE ID: CVE-2012-2197. DESCRIPTION: The IBM DB2 products listed below contain a security vulnerability that could allo...
IBM DB2 9.7 < Fix Pack 7 Multiple Vulnerabilities
According to its version, the installation of IBM DB2 9.7 running on the remote host is prior to Fix Pack 7. It is, therefore, affected by one or more of the following issues: - An error exists related to the stored procedure 'SQLJ.DB2INSTALLJAR' that can allow 'JAR' files to be overwritten. Not...
IBM DB2 10.1 < Fix Pack 1 Multiple Vulnerabilities
According to its version, the installation of DB2 10.1 running on the remote host is affected by one or more of the following issues: - An error exists in the stored procedure 'SQLJ.DB2INSTALLJAR' that can allow unauthorized replacement of Jar files. Note this vulnerability only affects the...
CVE-2012-2197
CVE-2012-2197 affects IBM DB2 Java Stored Procedure infrastructure across multiple DB2 releases (9.1 before FP12, 9.5–FP9, 9.7–FP6, 9.8–FP5, 10.1). The vulnerability is a stack-based buffer overflow that could allow remote authenticated execution of arbitrary code by exploiting CONNECT and EXECUT...