CVE-2012-0711

Sažetak

Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow.

Reference

http://www.securityfocus.com/bid/77826
http://www-01.ibm.com/support/docview.wss?uid=swg1IC80561
http://www-01.ibm.com/support/docview.wss?uid=swg1IC80728
http://www-01.ibm.com/support/docview.wss?uid=swg1IC80729
http://www-01.ibm.com/support/docview.wss?uid=swg21588093
https://exchange.xforce.ibmcloud.com/vulnerabilities/73495
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14842

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

10-10-2018 - 10:29

Objavljeno

20-03-2012 - 20:55