CVE-2010-3731 Information
Description
Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP3 allows remote attackers to execute arbitrary code via a long username string.
Reference
ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
http://secunia.com/advisories/41686
http://www.securityfocus.com/bid/46077
http://www.vupen.com/english/advisories/2010/2544
http://www.zerodayinitiative.com/advisories/ZDI-11-035
http://www-01.ibm.com/support/docview.wss?uid=swg1IC69986
http://www-01.ibm.com/support/docview.wss?uid=swg1IC70538
http://www-01.ibm.com/support/docview.wss?uid=swg1IC70539
http://www-01.ibm.com/support/docview.wss?uid=swg21426108
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A14687