Security Bulletin: IBM® Db2® performs unsafe deserialization in DB2 JDBC driver (CVE-2017-1677)
Summary: The Db2 JDBC driver deserializes an object unsafely, potentially leading to arbitrary code execution. Vulnerability Details: CVEID: CVE-2017-1677. DESCRIPTION: IBM Data Server Driver for JDBC and SQLJ deserializes the contents of /tmp/connlicj.bin which leads to object injection and...
IBM DB2 9.7 < FP11 Special Build 37314 / 10.1 < FP6 Special Build 37313 / 10.5 < FP10 Special Build 37311 / 11.1.3 < FP3 JDBC Driver Unsafe Deserialization Local Privilege Escalation (UNIX)
According to its version, the installation of IBM DB2 running on the remote host is either 9.7 prior to Fix Pack 11 Special Build 37314, 10.1 prior to Fix Pack 6 Special Build 37313, 10.5 prior to Fix Pack 10 Special Build 37311, or 11.1.3 prior to Fix Pack 3. It is, therefore, affected by a loca...
CVE-2017-1677
CVE-2017-1677 affects the IBM DB2 family via unsafe deserialization in the Data Server Driver for JDBC/SQLJ. The vulnerability occurs when the driver deserializes /tmp/connlicj.bin, enabling object injection and potentially arbitrary code execution depending on the classpath. Affected products/versio...