Buffer overflow in IBM DB2

#VU7189 Buffer overflow in IBM DB2

Published: 2017-06-23

Vulnerability identifier: #VU7189

Vulnerability risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-1105

CWE-ID: CWE-120

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
IBM DB2
Server applications / Database software

Vendor: IBM Corporation

Description
The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in IBM DB2 due to buffer overflow. A local attacker can trigger memory corruption to overwrite DB2 files and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation
Update to version 11.1.2 FP2; APARs IT20563, IT20461, IT20568, IT20567.

Vulnerable software versions

IBM DB2: 9.7, 11.1.0.0, 10.5, 10.1

External links
http://www-01.ibm.com/support/docview.wss?uid=swg22003877

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Two vulnerabilities in IBM DB2