Research Firm Reveals Multiple Flaws in DB2

UK-based security firm Next Generation Security Software Ltd. has announced that multiple “high risk” vulnerabilities exist in IBM DB2 database products, but details of the flaws were not revealed. IBM has released patches to fix two of the flaws, affecting DB2 Universal Database for Linux, Unix and Windows Versions 7.x and 8.1. According to Next Generation Security, the vulnerabilities are both remotely exploitable buffer overflows that “could allow for complete compromise of the affected database server or denial of service attacks”. The company has found and reported other vulnerabilities in DB2, but IBM has not yet fixed these flaws. Exact details of the vulnerabilities are being withheld until December 1, 2004 to allow DB2 administrators to apply the patches. There have been no reports of exploits for the flaws.

http://www.eweek.com/article2/0,1759,1642631,00.asp
